Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RegSvr32 error message on boot up - module failed to load [Solved]

regsvr32 module failed to load

  • This topic is locked This topic is locked

#1
rav3n82

rav3n82

    Member

  • Member
  • PipPip
  • 13 posts

Greetings, I have recently come to receive the below RegSvr32 error message each time I boot up my PC. I have tried scanning with both Avast and Malwarebytes, but they could not remove this nuisance. 

 

"The module 'C:/Users/Teoh Khai Siang/AppData/Local/U.../ParamBlk2.dll' failed to load. Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files. The specified module could not be found.

 

Since the problem I have encountered is of an almost similar nature with what was reported here earlier: http://www.geekstogo...failed-to-load/, I have run the Farbar Recovery Scan Tool in advance and have attached the logs for both FRST.txt and Addition.txt to save some time (yes I am also of a different time zone :P).

 

Appreciate any help to resolve this problem.

 

Thanks!

 

Here are the results from the OTL scan:

 

OTL logfile created on: 4/7/2014 9:08:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Teoh Khai Siang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 5.68 Gb Available Physical Memory | 71.18% Memory free
15.95 Gb Paging File | 13.67 Gb Available in Paging File | 85.69% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 58.54 Gb Free Space | 52.41% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 407.55 Gb Free Space | 43.75% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 492.53 Gb Free Space | 52.87% Space Free | Partition Type: NTFS
Drive H: | 29.80 Gb Total Space | 15.16 Gb Free Space | 50.86% Space Free | Partition Type: FAT32
 
Computer Name: TEOHKHAISIANG | User Name: Teoh Khai Siang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/07 14:54:48 | 001,426,178 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
PRC - [2014/04/07 11:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Teoh Khai Siang\Desktop\OTL.exe
PRC - [2014/04/06 16:51:38 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/06 16:51:38 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/07 13:39:00 | 000,444,760 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2014/02/05 17:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 17:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/28 17:56:24 | 000,733,184 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
PRC - [2013/02/05 10:10:48 | 000,581,624 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
PRC - [2013/02/05 10:10:46 | 000,046,072 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
PRC - [2012/12/24 10:25:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/10/25 16:19:46 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
PRC - [2012/09/18 15:41:02 | 000,191,488 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
PRC - [2012/05/31 16:11:02 | 000,065,296 | ---- | M] (Greatis Software, LLC) -- C:\Program Files (x86)\BootRacer\BootRacerServ.exe
PRC - [2012/02/15 00:39:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/07 14:54:48 | 001,426,178 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
MOD - [2014/02/13 21:42:33 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/13 21:42:17 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/13 21:42:16 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/13 21:42:16 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/02/13 21:30:32 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/13 21:30:23 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/13 21:30:22 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/13 21:30:19 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/13 21:30:18 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/13 21:30:18 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/13 21:30:17 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/13 21:30:16 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/13 21:30:16 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/13 21:30:16 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/13 21:30:15 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/13 21:30:15 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/13 21:30:14 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/13 21:30:14 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/13 21:30:14 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 21:30:10 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/11/23 12:31:58 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/06/28 17:56:24 | 000,733,184 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
MOD - [2013/02/05 10:11:18 | 000,465,824 | ---- | M] () -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
MOD - [2012/10/25 16:19:46 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
MOD - [2012/10/25 16:19:44 | 001,411,072 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
MOD - [2012/10/25 16:19:34 | 000,293,376 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
MOD - [2012/10/25 16:19:34 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
MOD - [2012/09/18 15:41:02 | 000,191,488 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
MOD - [2012/02/15 07:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/06 16:51:38 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/01 12:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/05 17:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/06 01:53:46 | 000,170,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV - [2014/03/15 17:36:17 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/28 02:41:42 | 000,520,416 | ---- | M] (Futuremark) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2014/02/05 17:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/12 06:08:26 | 000,903,456 | ---- | M] (Cloud Engines, Inc.) [Auto | Running] -- C:\Program Files (x86)\PogoplugPC\hbadmin.exe -- (HBAdmin)
SRV - [2013/02/05 10:10:46 | 000,046,072 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/24 10:25:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/31 16:11:02 | 000,065,296 | ---- | M] (Greatis Software, LLC) [Auto | Running] -- C:\Program Files (x86)\BootRacer\BootRacerServ.exe -- (BootRacerServ)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/06 16:51:39 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/06 16:51:39 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/06 16:51:39 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/06 16:51:39 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/06 16:51:39 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/06 16:51:39 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/06 16:51:39 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/03 21:39:20 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2014/04/03 21:39:20 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/28 02:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/15 14:37:16 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013/11/15 14:37:14 | 000,149,160 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/10/28 01:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/03/01 03:58:14 | 000,039,712 | ---- | M] (Cloud Engines, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xcetap0.sys -- (xcetap0)
DRV:64bit: - [2012/10/29 08:21:40 | 000,990,864 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/10/03 06:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012/08/11 06:44:16 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/14 15:24:16 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KYEKBPRO.sys -- (KYEKBPRO)
DRV:64bit: - [2011/04/20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/11/24 09:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 09:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn....MY&dcc=MY&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 65 F6 DA 29 3A CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...66B647002239141
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
 
[2013/04/15 22:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2013/07/11 22:52:17 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 acdid.acdsystems.com
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [ghost] C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [Tilt] C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\Tilt.exe ()
O4 - HKCU..\Run: [PogoplugPC] C:\Program Files (x86)\PogoplugPC\ppserver.exe (Cloud Engines, Inc.)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [Uddgmedia] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BootRacer = "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2 (Greatis Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 122.255.99.228 122.255.99.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07ECC0F9-3973-4025-855B-BD41068A541E}: DhcpNameServer = 122.255.99.228 122.255.99.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07ECC0F9-3973-4025-855B-BD41068A541E}: NameServer = 122.255.99.236,122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{656E27BD-FBE5-4DD7-A093-63FAC2420158}: DhcpNameServer = 122.255.99.236 122.255.99.228
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/07 21:09:20 | 002,157,056 | ---- | C] (Farbar) -- C:\Users\Teoh Khai Siang\Desktop\FRST64.exe
[2014/04/07 21:09:19 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Teoh Khai Siang\Desktop\JRT.exe
[2014/04/07 21:08:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Teoh Khai Siang\Desktop\OTL.exe
[2014/04/07 21:06:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/06 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Apple Computer
[2014/04/06 19:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/04/06 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\IObit
[2014/04/06 19:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/04/06 19:40:48 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Solvusoft
[2014/04/06 19:40:47 | 000,019,888 | ---- | C] (solvusoft) -- C:\Windows\SysNative\roboot64.exe
[2014/04/06 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinThruster
[2014/04/06 16:51:39 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/04 06:44:04 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\.mono
[2014/04/04 06:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2014/04/03 21:39:20 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2014/04/03 21:39:20 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2014/04/03 21:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Mobile
[2014/04/03 21:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Mobile
[2014/04/03 21:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2014/04/03 21:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2014/04/03 21:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2014/04/02 23:41:00 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\Blizzard Entertainment
[2014/04/02 23:40:52 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Battle.net
[2014/04/02 23:40:52 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\Battle.net
[2014/04/02 23:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014/03/30 16:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2014/03/25 22:12:52 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\{A89310C3-B735-437D-B92F-78F44195678F}
[2014/03/25 21:56:26 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Malwarebytes
[2014/03/25 21:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/25 21:56:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/25 21:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/25 21:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/25 21:48:32 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\Documents\Thief
[2014/03/22 20:47:55 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\NVIDIA
[2014/03/22 20:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/03/22 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\NVIDIA
[2014/03/22 20:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014/03/22 20:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/03/22 20:45:18 | 000,062,408 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/03/22 20:45:18 | 000,054,216 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/03/22 20:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/03/22 19:57:57 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOTAC FireStorm
[2014/03/15 17:08:18 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\Uddgmedia
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/07 21:07:58 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/07 21:07:58 | 000,662,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/07 21:07:58 | 000,121,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/07 21:05:32 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/04/07 21:05:32 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/04/07 21:05:22 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2014/04/07 21:05:13 | 000,000,407 | ---- | M] () -- C:\Users\Public\Documents\bootracer.ini
[2014/04/07 21:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/07 14:54:48 | 001,426,178 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
[2014/04/07 14:02:26 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Teoh Khai Siang\Desktop\JRT.exe
[2014/04/07 13:56:10 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\Teoh Khai Siang\Desktop\FRST64.exe
[2014/04/07 11:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Teoh Khai Siang\Desktop\OTL.exe
[2014/04/06 20:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/06 20:19:23 | 000,000,533 | ---- | M] () -- C:\Users\Public\Desktop\Deus Ex The Fall.lnk
[2014/04/06 20:15:47 | 000,022,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 20:15:47 | 000,022,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 18:01:53 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/06 17:20:20 | 000,776,261 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\Untitled.jpg
[2014/04/06 16:51:39 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 16:51:39 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 16:51:39 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/06 16:51:39 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 16:51:39 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 16:51:39 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/04/06 16:51:39 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 16:51:39 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 16:51:39 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/03 23:50:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2014/04/03 23:50:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2014/04/03 21:39:20 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2014/04/03 21:39:20 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2014/04/03 21:34:07 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/04/02 23:18:14 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/03/30 17:07:25 | 000,000,022 | ---- | M] () -- C:\Windows\GPU-Z.INI
[2014/03/30 16:48:23 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\3DMark.lnk
[2014/03/27 21:59:20 | 002,712,576 | ---- | M] () -- C:\Users\Teoh Khai Siang\AppData\Local\file__0.localstorage
[2014/03/25 21:57:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/25 21:56:42 | 000,001,328 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\Thief.lnk
[2014/03/23 20:15:40 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2014/03/22 20:46:10 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/03/22 19:58:06 | 000,001,991 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\ZOTAC FireStorm.lnk
[2014/03/15 18:38:25 | 000,319,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/04/07 21:06:14 | 001,426,178 | ---- | C] () -- C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
[2014/04/06 20:19:23 | 000,000,533 | ---- | C] () -- C:\Users\Public\Desktop\Deus Ex The Fall.lnk
[2014/04/06 20:19:23 | 000,000,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus Ex The Fall.lnk
[2014/04/06 17:20:20 | 000,776,261 | ---- | C] () -- C:\Users\Teoh Khai Siang\Desktop\Untitled.jpg
[2014/04/03 23:50:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2014/04/03 23:50:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2014/04/03 21:34:07 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/04/02 23:18:14 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/03/25 21:56:42 | 000,001,328 | ---- | C] () -- C:\Users\Teoh Khai Siang\Desktop\Thief.lnk
[2014/03/25 21:56:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 20:46:10 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/03/22 20:45:25 | 003,649,185 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/03/22 20:44:44 | 000,024,544 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014/03/22 19:58:06 | 000,001,991 | ---- | C] () -- C:\Users\Teoh Khai Siang\Desktop\ZOTAC FireStorm.lnk
[2014/02/14 22:20:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/11 19:10:48 | 000,007,602 | ---- | C] () -- C:\Users\Teoh Khai Siang\AppData\Local\Resmon.ResmonCfg
[2013/12/11 17:44:33 | 000,000,000 | -HS- | C] () -- C:\Users\Teoh Khai Siang\AppData\Local\LumaEmu
[2013/10/06 16:45:01 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2013/07/24 22:22:30 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI
[2013/07/05 23:47:52 | 000,000,624 | ---- | C] () -- C:\Users\Teoh Khai Siang\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/04/16 22:28:55 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2013/04/16 22:28:55 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/12/26 23:39:02 | 002,712,576 | ---- | C] () -- C:\Users\Teoh Khai Siang\AppData\Local\file__0.localstorage
[2012/12/26 19:35:27 | 000,773,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/24 10:25:30 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/24 10:25:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/23 00:10:32 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2012/12/22 23:53:35 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/04 06:44:04 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\.mono
[2013/07/11 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\ACD Systems
[2013/11/23 12:23:58 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\AVAST Software
[2013/04/15 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Babylon
[2014/04/02 23:53:42 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Battle.net
[2013/02/28 23:07:10 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Crysis 3
[2013/04/15 22:52:04 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\GoforFiles
[2014/01/04 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Injustice
[2014/04/06 19:44:36 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\IObit
[2012/12/22 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Leadertech
[2013/12/09 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\library_dir
[2013/08/06 22:49:07 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\MKKE
[2013/07/23 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk
[2013/06/20 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk SecureAccess
[2014/04/06 20:03:42 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Solvusoft
[2013/09/14 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\The Creative Assembly
[2013/08/15 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\TP-LINK
 
========== Purity Check ==========
 
 

< End of report >

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Teoh Khai Siang (administrator) on TEOHKHAISIANG on 07-04-2014 21:28:26
Running from C:\Users\Teoh Khai Siang\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Greatis Software, LLC) C:\Program Files (x86)\BootRacer\BootRacerServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cloud Engines, Inc.) C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Gemalto N.V.) C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Cloud Engines, Inc.) C:\Program Files (x86)\PogoplugPC\ppserver.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Users\Teoh Khai Siang\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
() C:\Users\Teoh Khai Siang\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(OldTimer Tools) C:\Users\Teoh Khai Siang\Desktop\OTL.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupNowEZtray] - C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [Tilt] - C:\Users\Teoh Khai Siang\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe [733184 2013-06-28] ()
HKLM-x32\...\Run: [ghost] - C:\Users\Teoh Khai Siang\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe [191488 2012-09-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-06] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BootRacer] - C:\Program Files (x86)\BootRacer\Bootrace.exe [6357264 2012-10-18] ( (Greatis Software))
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\Run: [PogoplugPC] - C:\Program Files (x86)\PogoplugPC\ppserver.exe [23797248 2013-06-12] (Cloud Engines, Inc.)
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\Run: [Uddgmedia] - regsvr32.exe "C:\Users\Teoh Khai Siang\AppData\Local\Uddgmedia\ParamBlk2.dll" <===== ATTENTION
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\MountPoints2: {471e9465-6a26-11e2-ae3a-002215a9f666} - G:\AutoRun.exe
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\MountPoints2: {471e947f-6a26-11e2-ae3a-002215a9f666} - G:\AutoRun.exe
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\MountPoints2: {e26de56e-bb30-11e3-a68f-002215a9f666} - G:\Startme.exe
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\MountPoints2: {ed2db96b-4e38-11e2-a250-002215a9f666} - G:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn....MY&dcc=MY&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE965F6DA293ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-se...66B647002239141
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Hosts: 127.0.0.1 acdid.acdsystems.com
Tcpip\Parameters: [DhcpNameServer] 122.255.99.228 122.255.99.236
Tcpip\..\Interfaces\{07ECC0F9-3973-4025-855B-BD41068A541E}: [NameServer]122.255.99.236,122.255.99.228

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-06] (AVAST Software)
R2 BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [65296 2012-05-31] (Greatis Software, LLC)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-02-28] (Futuremark)
R2 HBAdmin; C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE [903456 2013-06-12] (Cloud Engines, Inc.)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-24] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-06] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-06] ()
S3 KYEKBPRO; C:\Windows\System32\drivers\KYEKBPRO.sys [25600 2011-10-14] ( )
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [990864 2012-10-29] (Realtek Semiconductor Corporation                           )
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R3 xcetap0; C:\Windows\System32\DRIVERS\xcetap0.sys [39712 2013-03-01] (Cloud Engines, Inc.)
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-07 21:28 - 2014-04-07 21:28 - 00011225 _____ () C:\Users\Teoh Khai Siang\Desktop\FRST.txt
2014-04-07 21:28 - 2014-04-07 21:28 - 00000000 ____D () C:\FRST
2014-04-07 21:11 - 2014-04-07 21:11 - 00088340 _____ () C:\Users\Teoh Khai Siang\Desktop\OTL.Txt
2014-04-07 21:11 - 2014-04-07 21:11 - 00080392 _____ () C:\Users\Teoh Khai Siang\Desktop\Extras.Txt
2014-04-07 21:09 - 2014-04-07 14:02 - 01016261 _____ (Thisisu) C:\Users\Teoh Khai Siang\Desktop\JRT.exe
2014-04-07 21:09 - 2014-04-07 13:56 - 02157056 _____ (Farbar) C:\Users\Teoh Khai Siang\Desktop\FRST64.exe
2014-04-07 21:08 - 2014-04-07 11:43 - 00602112 _____ (OldTimer Tools) C:\Users\Teoh Khai Siang\Desktop\OTL.exe
2014-04-07 21:06 - 2014-04-07 21:06 - 00000000 ____D () C:\AdwCleaner
2014-04-07 21:06 - 2014-04-07 14:54 - 01426178 _____ () C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
2014-04-06 20:36 - 2014-04-06 20:37 - 00017627 _____ () C:\Windows\DirectX.log
2014-04-06 20:19 - 2014-04-06 20:19 - 00000533 _____ () C:\Users\Public\Desktop\Deus Ex The Fall.lnk
2014-04-06 20:08 - 2014-04-07 21:08 - 00033709 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 20:08 - 2014-04-07 21:05 - 00001503 _____ () C:\Windows\AutoKMS.log
2014-04-06 20:08 - 2014-04-07 21:05 - 00000504 _____ () C:\Windows\setupact.log
2014-04-06 20:08 - 2014-04-06 20:08 - 00000420 _____ () C:\Windows\PFRO.log
2014-04-06 20:08 - 2014-04-06 20:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 20:06 - 2014-04-06 20:06 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Apple Computer
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\IObit
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\ProgramData\IObit
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-06 19:40 - 2014-04-06 20:04 - 00000000 ____D () C:\Program Files (x86)\WinThruster
2014-04-06 19:40 - 2014-04-06 20:03 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Solvusoft
2014-04-06 19:40 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2014-04-06 18:53 - 2014-04-06 18:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Teoh Khai Siang\Downloads\HijackThis.exe
2014-04-06 16:51 - 2014-04-06 16:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-04 06:44 - 2014-04-04 06:44 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\.mono
2014-04-04 06:44 - 2014-04-04 06:44 - 00000000 ____D () C:\ProgramData\.mono
2014-04-03 23:50 - 2014-04-03 23:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-04-03 23:50 - 2014-04-03 23:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-04-03 21:39 - 2014-04-03 21:39 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys
2014-04-03 21:39 - 2014-04-03 21:39 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-04-03 21:39 - 2014-04-03 21:39 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-04-03 21:39 - 2014-04-03 21:39 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-04-03 21:34 - 2014-04-03 21:34 - 00002058 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-04-03 21:34 - 2014-04-03 21:34 - 00000000 ____D () C:\ProgramData\Sony
2014-04-03 21:34 - 2014-04-03 21:34 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-02 23:41 - 2014-04-02 23:41 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Blizzard Entertainment
2014-04-02 23:40 - 2014-04-04 07:18 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Battle.net
2014-04-02 23:40 - 2014-04-02 23:53 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Battle.net
2014-04-02 23:18 - 2014-04-02 23:18 - 00000780 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-30 16:47 - 2014-03-30 16:47 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-03-30 16:46 - 2014-03-30 16:46 - 02621440 _____ () C:\Users\Teoh Khai Siang\Downloads\Futuremark_SystemInfo_v426_installer.msi
2014-03-25 22:12 - 2014-03-25 22:13 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\{A89310C3-B735-437D-B92F-78F44195678F}
2014-03-25 21:56 - 2014-03-25 21:57 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 21:56 - 2014-03-25 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-25 21:56 - 2014-03-25 21:56 - 00001328 _____ () C:\Users\Teoh Khai Siang\Desktop\Thief.lnk
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Malwarebytes
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 21:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 21:48 - 2014-03-25 21:51 - 00000000 ____D () C:\Users\Teoh Khai Siang\Documents\Thief
2014-03-23 16:44 - 2014-03-23 18:20 - 1007422198 _____ () C:\Users\Teoh Khai Siang\Downloads\3DMark-v1-2-362.zip
2014-03-22 20:47 - 2014-04-02 23:41 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\NVIDIA
2014-03-22 20:46 - 2014-03-22 20:46 - 00001347 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-22 20:46 - 2014-03-22 20:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-22 20:45 - 2014-03-22 20:53 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\NVIDIA
2014-03-22 20:45 - 2014-03-22 20:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-22 20:45 - 2014-03-04 22:35 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-03-22 20:45 - 2014-03-04 22:35 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-03-22 20:45 - 2014-03-04 21:06 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-22 20:45 - 2014-03-04 21:06 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-22 20:45 - 2014-03-04 21:05 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-22 20:45 - 2014-03-04 21:05 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-22 20:45 - 2014-03-04 21:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-22 20:45 - 2014-03-04 21:05 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-22 20:45 - 2014-02-05 17:31 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-22 20:45 - 2014-02-05 17:30 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-03-22 20:44 - 2014-03-22 20:45 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-22 20:44 - 2014-03-04 22:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-22 20:44 - 2014-03-04 22:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-22 20:44 - 2013-12-28 02:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-22 20:44 - 2013-12-28 02:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-03-22 20:44 - 2013-12-28 02:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-22 19:58 - 2014-03-22 19:58 - 00001991 _____ () C:\Users\Teoh Khai Siang\Desktop\ZOTAC FireStorm.lnk
2014-03-22 19:57 - 2014-03-22 19:57 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOTAC FireStorm
2014-03-22 19:54 - 2014-03-22 19:54 - 02765850 _____ () C:\Users\Teoh Khai Siang\Downloads\FireStorm_installer_2.0.5.exe
2014-03-18 22:04 - 2014-03-18 22:06 - 00000046 _____ () C:\Windows\lnk.txt
2014-03-15 17:45 - 2014-03-01 14:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 17:45 - 2014-03-01 13:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-15 17:45 - 2014-03-01 13:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-15 17:45 - 2014-03-01 12:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-15 17:45 - 2014-03-01 12:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-15 17:45 - 2014-03-01 12:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-15 17:45 - 2014-03-01 12:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-15 17:45 - 2014-03-01 12:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-15 17:45 - 2014-03-01 12:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-15 17:45 - 2014-03-01 12:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-15 17:45 - 2014-03-01 12:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-15 17:45 - 2014-03-01 12:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-15 17:45 - 2014-03-01 12:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-15 17:45 - 2014-03-01 12:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-15 17:45 - 2014-03-01 12:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-15 17:45 - 2014-03-01 12:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-15 17:45 - 2014-03-01 12:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-15 17:45 - 2014-03-01 11:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-15 17:45 - 2014-03-01 11:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-15 17:45 - 2014-03-01 11:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-15 17:45 - 2014-03-01 11:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-15 17:45 - 2014-03-01 11:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-15 17:45 - 2014-03-01 11:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-15 17:45 - 2014-03-01 11:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-15 17:45 - 2014-03-01 11:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-15 17:45 - 2014-03-01 11:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-15 17:45 - 2014-03-01 11:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-15 17:45 - 2014-03-01 11:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-15 17:45 - 2014-03-01 11:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-15 17:45 - 2014-03-01 11:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-15 17:45 - 2014-03-01 11:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-15 17:45 - 2014-03-01 11:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-15 17:45 - 2014-03-01 11:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-15 17:45 - 2014-03-01 11:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-15 17:45 - 2014-03-01 10:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-15 17:45 - 2014-03-01 10:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-15 17:45 - 2014-03-01 10:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-15 17:45 - 2014-03-01 10:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-15 17:45 - 2014-03-01 10:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-15 17:45 - 2014-03-01 10:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-15 17:40 - 2014-02-07 09:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-15 17:40 - 2014-02-04 10:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-15 17:40 - 2014-02-04 10:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-15 17:40 - 2014-02-04 10:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-15 17:40 - 2014-02-04 10:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-15 17:40 - 2014-01-29 10:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-15 17:40 - 2014-01-29 10:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-15 17:40 - 2014-01-28 10:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-15 17:08 - 2014-04-06 19:31 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Uddgmedia
2014-03-15 17:07 - 2014-03-15 17:07 - 00003200 _____ () C:\Windows\System32\Tasks\{C1824F5C-A447-4C64-9AEA-87C68DCE36E2}
2014-03-15 17:06 - 2014-03-15 17:28 - 232485456 _____ (NVIDIA Corporation) C:\Users\Teoh Khai Siang\Downloads\335.23-desktop-win8-win7-winvista-64bit-english-whql.exe

==================== One Month Modified Files and Folders =======

2014-04-07 21:28 - 2014-04-07 21:28 - 00011225 _____ () C:\Users\Teoh Khai Siang\Desktop\FRST.txt
2014-04-07 21:28 - 2014-04-07 21:28 - 00000000 ____D () C:\FRST
2014-04-07 21:21 - 2009-07-14 12:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 21:21 - 2009-07-14 12:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 21:11 - 2014-04-07 21:11 - 00088340 _____ () C:\Users\Teoh Khai Siang\Desktop\OTL.Txt
2014-04-07 21:11 - 2014-04-07 21:11 - 00080392 _____ () C:\Users\Teoh Khai Siang\Desktop\Extras.Txt
2014-04-07 21:10 - 2009-07-14 13:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 21:08 - 2014-04-06 20:08 - 00033709 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 21:06 - 2014-04-07 21:06 - 00000000 ____D () C:\AdwCleaner
2014-04-07 21:05 - 2014-04-06 20:08 - 00001503 _____ () C:\Windows\AutoKMS.log
2014-04-07 21:05 - 2014-04-06 20:08 - 00000504 _____ () C:\Windows\setupact.log
2014-04-07 21:05 - 2013-10-06 16:45 - 00078848 _____ () C:\Windows\KMSEmulator.exe
2014-04-07 21:05 - 2013-04-16 22:28 - 00002740 _____ () C:\Windows\System32\Tasks\AutoKMSDaily
2014-04-07 21:05 - 2013-04-16 22:28 - 00000220 _____ () C:\Windows\Tasks\AutoKMS.job
2014-04-07 21:05 - 2013-04-16 22:28 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-04-07 21:05 - 2012-12-22 23:55 - 00000557 ____H () C:\Users\Public\Documents\bootracer.log
2014-04-07 21:05 - 2012-12-22 23:55 - 00000407 _____ () C:\Users\Public\Documents\bootracer.ini
2014-04-07 21:05 - 2012-12-22 23:55 - 00000000 ____D () C:\Program Files (x86)\BootRacer
2014-04-07 21:05 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 14:54 - 2014-04-07 21:06 - 01426178 _____ () C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
2014-04-07 14:02 - 2014-04-07 21:09 - 01016261 _____ (Thisisu) C:\Users\Teoh Khai Siang\Desktop\JRT.exe
2014-04-07 13:56 - 2014-04-07 21:09 - 02157056 _____ (Farbar) C:\Users\Teoh Khai Siang\Desktop\FRST64.exe
2014-04-07 11:43 - 2014-04-07 21:08 - 00602112 _____ (OldTimer Tools) C:\Users\Teoh Khai Siang\Desktop\OTL.exe
2014-04-06 20:37 - 2014-04-06 20:36 - 00017627 _____ () C:\Windows\DirectX.log
2014-04-06 20:36 - 2012-12-27 19:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-06 20:19 - 2014-04-06 20:19 - 00000533 _____ () C:\Users\Public\Desktop\Deus Ex The Fall.lnk
2014-04-06 20:08 - 2014-04-06 20:08 - 00000420 _____ () C:\Windows\PFRO.log
2014-04-06 20:08 - 2014-04-06 20:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 20:06 - 2014-04-06 20:06 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Apple Computer
2014-04-06 20:04 - 2014-04-06 19:40 - 00000000 ____D () C:\Program Files (x86)\WinThruster
2014-04-06 20:03 - 2014-04-06 19:40 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Solvusoft
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\IObit
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\ProgramData\IObit
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-06 19:31 - 2014-03-15 17:08 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Uddgmedia
2014-04-06 18:53 - 2014-04-06 18:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Teoh Khai Siang\Downloads\HijackThis.exe
2014-04-06 18:01 - 2013-11-23 12:34 - 00002010 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-06 16:51 - 2014-04-06 16:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 16:51 - 2014-01-05 08:13 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-04-06 16:51 - 2013-11-23 12:32 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-06 16:51 - 2013-11-23 12:31 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-06 16:51 - 2013-11-23 12:31 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-06 16:51 - 2013-11-23 12:31 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-06 16:51 - 2013-11-23 12:31 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-06 16:51 - 2013-11-23 12:31 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-06 16:51 - 2013-11-23 12:31 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-06 16:51 - 2012-12-22 23:40 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-04 07:18 - 2014-04-02 23:40 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Battle.net
2014-04-04 06:44 - 2014-04-04 06:44 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\.mono
2014-04-04 06:44 - 2014-04-04 06:44 - 00000000 ____D () C:\ProgramData\.mono
2014-04-03 23:50 - 2014-04-03 23:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-04-03 23:50 - 2014-04-03 23:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-04-03 21:39 - 2014-04-03 21:39 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys
2014-04-03 21:39 - 2014-04-03 21:39 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-04-03 21:39 - 2014-04-03 21:39 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-04-03 21:39 - 2014-04-03 21:39 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-04-03 21:34 - 2014-04-03 21:34 - 00002058 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-04-03 21:34 - 2014-04-03 21:34 - 00000000 ____D () C:\ProgramData\Sony
2014-04-03 21:34 - 2014-04-03 21:34 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-03 21:34 - 2012-12-22 22:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-02 23:53 - 2014-04-02 23:40 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Battle.net
2014-04-02 23:41 - 2014-04-02 23:41 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Blizzard Entertainment
2014-04-02 23:41 - 2014-03-22 20:47 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\NVIDIA
2014-04-02 23:18 - 2014-04-02 23:18 - 00000780 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-30 17:07 - 2013-07-24 22:22 - 00000022 _____ () C:\Windows\GPU-Z.INI
2014-03-30 16:48 - 2013-12-18 21:42 - 00001192 _____ () C:\Users\Public\Desktop\3DMark.lnk
2014-03-30 16:48 - 2013-11-11 19:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-30 16:48 - 2012-12-23 00:26 - 00000000 ____D () C:\Program Files\Futuremark
2014-03-30 16:47 - 2014-03-30 16:47 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-03-30 16:46 - 2014-03-30 16:46 - 02621440 _____ () C:\Users\Teoh Khai Siang\Downloads\Futuremark_SystemInfo_v426_installer.msi
2014-03-27 21:59 - 2012-12-26 23:39 - 02712576 _____ () C:\Users\Teoh Khai Siang\AppData\Local\file__0.localstorage
2014-03-25 22:14 - 2012-12-23 00:15 - 00000000 ____D () C:\Users\Teoh Khai Siang\Tracing
2014-03-25 22:13 - 2014-03-25 22:12 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\{A89310C3-B735-437D-B92F-78F44195678F}
2014-03-25 22:11 - 2012-12-25 10:16 - 00000000 ____D () C:\ProgramData\DatacardService
2014-03-25 21:57 - 2014-03-25 21:56 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 21:57 - 2014-03-25 21:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-25 21:56 - 2014-03-25 21:56 - 00001328 _____ () C:\Users\Teoh Khai Siang\Desktop\Thief.lnk
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Malwarebytes
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 21:51 - 2014-03-25 21:48 - 00000000 ____D () C:\Users\Teoh Khai Siang\Documents\Thief
2014-03-23 20:15 - 2014-01-12 18:49 - 00000913 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-03-23 18:20 - 2014-03-23 16:44 - 1007422198 _____ () C:\Users\Teoh Khai Siang\Downloads\3DMark-v1-2-362.zip
2014-03-23 16:30 - 2009-07-14 13:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-22 20:53 - 2014-03-22 20:45 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\NVIDIA
2014-03-22 20:46 - 2014-03-22 20:46 - 00001347 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-22 20:46 - 2014-03-22 20:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-22 20:46 - 2014-02-14 23:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-22 20:45 - 2014-03-22 20:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-22 20:45 - 2014-03-22 20:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-22 20:45 - 2014-02-19 22:40 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-22 20:45 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Help
2014-03-22 20:13 - 2014-02-14 23:20 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\NVIDIA Corporation
2014-03-22 19:58 - 2014-03-22 19:58 - 00001991 _____ () C:\Users\Teoh Khai Siang\Desktop\ZOTAC FireStorm.lnk
2014-03-22 19:57 - 2014-03-22 19:57 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOTAC FireStorm
2014-03-22 19:57 - 2013-07-06 19:48 - 00000000 ____D () C:\Program Files (x86)\ZOTAC FireStorm
2014-03-22 19:54 - 2014-03-22 19:54 - 02765850 _____ () C:\Users\Teoh Khai Siang\Downloads\FireStorm_installer_2.0.5.exe
2014-03-18 22:06 - 2014-03-18 22:04 - 00000046 _____ () C:\Windows\lnk.txt
2014-03-15 18:38 - 2013-03-14 06:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 18:38 - 2013-03-14 06:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 18:38 - 2009-07-14 12:45 - 00319664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 18:12 - 2012-12-22 23:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-15 18:12 - 2011-04-12 16:28 - 00000000 ____D () C:\Windows\ShellNew
2014-03-15 17:48 - 2013-07-11 22:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-15 17:47 - 2012-12-26 19:38 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 17:36 - 2012-12-27 19:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-15 17:36 - 2012-12-27 19:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 17:36 - 2012-12-27 19:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-15 17:28 - 2014-03-15 17:06 - 232485456 _____ (NVIDIA Corporation) C:\Users\Teoh Khai Siang\Downloads\335.23-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-03-15 17:07 - 2014-03-15 17:07 - 00003200 _____ () C:\Windows\System32\Tasks\{C1824F5C-A447-4C64-9AEA-87C68DCE36E2}

Some content of TEMP:
====================
C:\Users\Teoh Khai Siang\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-03 07:15

==================== End Of Log ============================

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Teoh Khai Siang at 2014-04-07 21:28:41
Running from C:\Users\Teoh Khai Siang\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

¡¶ËÀÍö¿Õ¼ä3¡·ÓÎÏÀ°¿Ï躺»¯ÖÐÎÄÓ²ÅÌ°æ (HKLM-x32\...\¡¶ËÀÍö¿Õ¼ä3¡·ÓÎÏÀ°¿Ï躺»¯ÖÐÎÄÓ²ÅÌ°æ_is1) (Version:  - Dead Space 3)
«Borderlands 2»  1.3.1.0 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.3.1.0 - Take-Two Interactive Software, Inc.)
3DMark (HKLM-x32\...\{38f32cea-14ce-4349-882e-8779bcd45e5c}) (Version: 1.2.362.0 - Futuremark)
3DMark (Version: 1.2.362.0 - Futuremark) Hidden
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.5 - Futuremark Corporation)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AIVIA GHOST (HKLM-x32\...\{4E711815-5F4E-47F2-B1E1-C0B43A8D57F3}) (Version: 1.06.0000 - GIGABYTE)
Assassins Creed IV Black Flag (HKLM-x32\...\Assassins Creed IV Black Flag_is1) (Version:  - )
Assassins Creed IV Black Flag Freedom Cry (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
Assassin's Creed Liberation HD (HKLM-x32\...\Assassin's Creed Liberation HD_is1) (Version:  - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Baldur's Gate - Enhanced Edition (HKLM-x32\...\Baldur's Gate - Enhanced Edition_is1) (Version:  - )
BatmanOrigins version BatmanOrigins (HKLM-x32\...\BatmanOrigins_is1) (Version: BatmanOrigins - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4 version Battlefield 4 (HKLM-x32\...\Battlefield 4_is1) (Version: Battlefield 4 - )
BioShock Infinite version 5.1 (HKLM-x32\...\{D36F3F6C-8411-4738-AF52-90536270C65B}_is1) (Version: 5.1 - Black_Box)
BootRacer (HKLM-x32\...\{A39CE04E-255B-4B75-86B6-8787660E0B24}) (Version: 4.0.0 - Greatis Software, LLC)
Call of Duty Ghosts (HKLM-x32\...\Call of Duty Ghosts_is1) (Version: Call of Duty Ghosts - )
Call Of Pripyat Benchmark 1.6.02 (HKLM-x32\...\{151F4583-1A05-46D9-8A0E-8F61B9C3502B}_is1) (Version:  - GSC Game World)
Castlevania Lords of Shadow (HKLM-x32\...\{F14EDCE5-B45D-4D77-A5B8-C7513E5C7BDA}) (Version: 6.0 - Black Box)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Company of Heroes 2 (HKLM-x32\...\Company of Heroes 2_is1) (Version:  - )
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crysis 3 (HKLM-x32\...\Crysis 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
CrystalDiskInfo 6.0.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.1 - Crystal Dew World)
CrystalDiskMark 3.0.3 (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deadpool (HKLM-x32\...\Deadpool_is1) (Version: 1.0 - Activision)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Deus Ex Human Revolution - The Missing Link (HKLM-x32\...\Deus Ex Human Revolution - The Missing Link_is1) (Version:  - )
Deus ex Human Revolution (HKLM-x32\...\Deus ex Human Revolution_is1) (Version:  - )
Deus Ex: The Fall (HKLM-x32\...\RGV1c0V4VGhlRmFsbA==_is1) (Version: 1 - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dishonored (HKLM-x32\...\Dishonored_is1) (Version:  - )
DMC Devil May Cry Vergils Downfall (HKLM-x32\...\DMC Devil May Cry Vergils Downfall_is1) (Version:  - )
DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden
Driver Fusion (HKLM-x32\...\Driver Fusion) (Version: 1.9 - Treexy)
Driver Sweeper version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
Dungeons and Dragons Daggerdale (HKLM-x32\...\Dungeons and Dragons Daggerdale_is1) (Version:  - )
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
Fallout New Vegas version 1.3.0.452 (HKLM-x32\...\{53CE0AE1-8092-4702-B1A6-99BBFB2344A6}_is1) (Version: 1.3.0.452 - Bethesda Softworks)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{EF7EA37B-C009-4D53-AE2A-FF7C6AEC35CE}) (Version: 4.26.386 - Futuremark)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
Hitman Absolution (HKLM-x32\...\Hitman Absolution_is1) (Version:  - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Injustice Gods Among Us Ultimate Edition (HKLM-x32\...\Injustice Gods Among Us Ultimate Edition_is1) (Version:  - )
Intel® Network Connections 17.4.95.0 (HKLM\...\PROSetDX) (Version: 17.4.95.0 - Intel)
Intel® Network Connections 17.4.95.0 (Version: 17.4.95.0 - Intel) Hidden
Intel® Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.2.0.400 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 10.0.3 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.3 - )
Logitech Gaming Software (Version: 8.40.83 - Logitech Inc.) Hidden
Lost Planet 3 (HKLM-x32\...\Lost Planet 3_is1) (Version:  - )
Magic 2014 — Duels of the Planeswalkers (HKLM-x32\...\Magic 2014 — Duels of the Planeswalkers_is1) (Version:  - )
Magic The Gathering - Duels of the Planeswalkers 2013 (HKLM-x32\...\Magic The Gathering - Duels of the Planeswalkers 2013_is1) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Metal Gear Rising: Revengeance (HKLM-x32\...\Metal Gear Rising: Revengeance_is1) (Version: 1.0 - Konami)
Metro: Last Light © Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCEL) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Excel 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint 2010 (HKLM-x32\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Might and Magic X Legacy (HKLM-x32\...\TWlnaHRhbmRNYWdpY1hMZWdhY3k=_is1) (Version: 1 - )
Mortal Kombat Komplete Edition (HKLM-x32\...\Mortal Kombat Komplete Edition_is1) (Version:  - )
MSI Afterburner 3.0.0 Beta 18 (HKLM-x32\...\Afterburner) (Version: 3.0.0 Beta 18 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{09bcda7c-254d-46b5-bada-61e611bba738}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.12.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.17.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.32 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.32 - NTI Corporation) Hidden
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PCMark 7 (HKLM-x32\...\{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}) (Version: 1.4.0 - Futuremark)
Pogoplug PC (HKLM\...\PogoplugPC) (Version: 1.1.14 - Cloud Engines Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.17.22 - Razer Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Resident Evil 6 Benchmark (HKLM-x32\...\{0343CD8E-625A-47FF-BC7E-92BCDF2E5929}) (Version: 1.00.0000 - CAPCOM CO., LTD.)
ROCCAT Power-Grid version 0.458 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.458 - ROCCAT GmbH)
SanDiskSecureAccess_Manager.exe (HKCU\...\@@[email protected]@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shadowrun Returns (HKLM-x32\...\Shadowrun Returns_is1) (Version:  - Harebrained Holdings)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
SSDlife Free (HKLM-x32\...\{F371CE3B-8994-44E3-9518-92B22EE4A7FF}) (Version: 2.3.56 - BinarySense Inc.)
StarCraft II Heart Of Swarm (HKLM-x32\...\StarCraft II Heart Of Swarm_is1) (Version:  - )
The Bureau XCOM Declassified (HKLM-x32\...\The Bureau XCOM Declassified_is1) (Version:  - )
The Elder Scrolls V: Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V: Skyrim - Legendary Edition_is1) (Version:  - )
The Incredible Adventures of Van Helsing (HKLM-x32\...\{779468AF-3247-4272-8DC5-F0A2F73C544B}_is1) (Version:  - )
Thief version Thief (HKLM-x32\...\Thief_is1) (Version: Thief - )
TL-WN822N/TL-WN821N Driver (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.0.0 - TP-LINK)
Tom Clancy`s Splinter Cell® Blacklist™ (HKLM-x32\...\Tom Clancy`s Splinter Cell® Blacklist™_is1) (Version: 1.01 - R.G. Revenants)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)
Tombraider (HKLM-x32\...\Tombraider_is1) (Version:  - )
Torchlight II © Runic Games version 1 (HKLM-x32\...\Torchlight II © Runic Games_is1) (Version: 1 - )
Total War ROME II (HKLM-x32\...\Total War ROME II_is1) (Version:  - )
TP-LINK TL-WN8200ND Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.EXCEL_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.EXCEL_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.EXCEL_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.EXCEL_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINT_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.WORD_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.EXCEL_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.POWERPOINT_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.WORD_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.EXCEL_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.WORD_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.EXCEL_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.EXCEL_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZOTAC FireStorm (HKLM-x32\...\ZOTAC FireStorm) (Version:  - )

==================== Restore Points  =========================

06-04-2014 11:42:23 Windows Backup
06-04-2014 12:36:25 Installed DirectX

==================== Hosts content: ==========================

2009-07-14 10:34 - 2013-07-11 22:52 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 acdid.acdsystems.com

==================== Scheduled Tasks (whitelisted) =============

Task: {12681D07-A084-4822-94F4-D2CB1FE174E1} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {1C12F48C-7555-433A-8774-F914E2C91571} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {21AAF612-5E68-4ABD-9261-4FB57C910C74} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-06] (AVAST Software)
Task: {3A5408FD-8050-4EA9-AD33-EEF9331353E4} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe [2013-04-16] ()
Task: {423BDBBE-03D6-45CE-809D-6D76D9E0C60C} - System32\Tasks\4807 => Wscript.exe C:\Users\TEOHKH~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {9ED654E0-DD86-4BDF-AC6C-8F17C3B86407} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {A6DE0D19-63F2-4757-A7C3-517B3DC4F909} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {A72C454F-09B8-4987-A06A-F881B3189C74} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C860EFD6-9842-4756-99C1-55A77A6C4A07} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {CAF28985-E4DA-4F40-AA20-0165E682DA2A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2013-04-16] ()
Task: {D3E16264-898F-4FC6-AD6F-2306543A90C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2014-03-22 20:45 - 2014-03-04 21:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-23 00:06 - 2009-08-16 17:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2012-12-24 10:25 - 2012-12-24 10:25 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-23 18:14 - 2013-06-23 18:14 - 00012520 _____ () C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-06-23 18:14 - 2013-06-23 18:14 - 00015080 _____ () C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-06-23 18:14 - 2013-06-23 18:14 - 00014056 _____ () C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2013-05-22 21:55 - 2012-10-25 16:19 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2013-06-28 17:56 - 2013-06-28 17:56 - 00733184 _____ () C:\Users\Teoh Khai Siang\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
2012-09-18 15:41 - 2012-09-18 15:41 - 00191488 _____ () C:\Users\Teoh Khai Siang\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
2014-04-07 21:06 - 2014-04-07 14:54 - 01426178 _____ () C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
2014-04-06 16:49 - 2014-04-06 15:21 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll
2014-04-07 21:06 - 2014-04-07 21:06 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040700\algo.dll
2013-02-05 10:11 - 2013-02-05 10:11 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2012-02-15 07:05 - 2012-02-15 07:37 - 11796096 _____ () C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2013-05-22 21:55 - 2012-10-25 16:19 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2013-05-22 21:55 - 2012-10-25 16:19 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2013-05-22 21:55 - 2012-10-25 16:19 - 00293376 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2013-11-23 12:31 - 2013-11-23 12:31 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2014 09:07:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 08:10:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 08:07:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 07:34:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 06:05:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 05:21:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 04:50:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 10:23:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 06:28:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 09:09:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/07/2014 09:05:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/06/2014 08:42:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/06/2014 08:08:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/06/2014 08:06:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/06/2014 07:44:40 PM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 6 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/06/2014 07:32:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/06/2014 07:30:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/06/2014 07:29:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/06/2014 06:57:26 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (04/06/2014 06:03:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Microsoft Office Sessions:
=========================
Error: (04/07/2014 09:07:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 08:10:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 08:07:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 07:34:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 06:05:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 05:21:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 04:50:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 10:23:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 06:28:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 09:09:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 8169.43 MB
Available physical RAM: 5608.97 MB
Total Pagefile: 16337.05 MB
Available Pagefile: 13443.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:58.45 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:407.55 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:931.51 GB) (Free:492.53 GB) NTFS
Drive h: () (Removable) (Total:29.8 GB) (Free:15.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 98374B6E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9293B9A1)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5F014F9C)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 30 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hello ran3n82,

:welcome:
 

Greetings, I have recently come to receive the below RegSvr32 error message each time I boot up my PC.

Was that about the time that the cracked or pirated copy of Windows Office got installed on the computer?

I'm sorry but your logs show a cracked, or illegal, copy of Office has been installed. Our Terms of Use don't permit us to assist anyone with illegal software on the computer until it has been removed.

Please see items 3. p. and 4. f. of the TOU for the specifics.

We are willing to help you. But you will need to uninstall the cracked program(s) and then post a fresh OTL or FRST log.

thanks for your understanding.
 

 


  • 0

#3
rav3n82

rav3n82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hello ran3n82,

:welcome:
 

Greetings, I have recently come to receive the below RegSvr32 error message each time I boot up my PC.

Was that about the time that the cracked or pirated copy of Windows Office got installed on the computer?

I'm sorry but your logs show a cracked, or illegal, copy of Office has been installed. Our Terms of Use don't permit us to assist anyone with illegal software on the computer until it has been removed.

Please see items 3. p. and 4. f. of the TOU for the specifics.

We are willing to help you. But you will need to uninstall the cracked program(s) and then post a fresh OTL or FRST log.

thanks for your understanding.
 

 

No, it was installed sometime earlier before this problem came up. Anyway, I have removed it from my computer.

 

Here are the new logs:

 

OTL logfile created on: 4/8/2014 6:23:02 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Teoh Khai Siang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.47 Gb Available Physical Memory | 81.15% Memory free
15.95 Gb Paging File | 14.34 Gb Available in Paging File | 89.90% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 63.74 Gb Free Space | 57.07% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 407.55 Gb Free Space | 43.75% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 492.53 Gb Free Space | 52.87% Space Free | Partition Type: NTFS
 
Computer Name: TEOHKHAISIANG | User Name: Teoh Khai Siang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/07 11:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Teoh Khai Siang\Desktop\OTL.exe
PRC - [2014/04/06 16:51:38 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/06 16:51:38 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/07 13:39:00 | 000,444,760 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2014/02/05 17:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 17:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/28 17:56:24 | 000,733,184 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
PRC - [2013/02/05 10:10:48 | 000,581,624 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
PRC - [2013/02/05 10:10:46 | 000,046,072 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
PRC - [2012/12/24 10:25:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/10/25 16:19:46 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
PRC - [2012/09/18 15:41:02 | 000,191,488 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
PRC - [2012/05/31 16:11:02 | 000,065,296 | ---- | M] (Greatis Software, LLC) -- C:\Program Files (x86)\BootRacer\BootRacerServ.exe
PRC - [2012/02/15 00:39:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/13 21:42:33 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/13 21:42:17 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/13 21:42:16 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/13 21:42:16 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/02/13 21:30:32 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/13 21:30:23 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/13 21:30:22 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/13 21:30:19 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/13 21:30:18 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/13 21:30:18 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/13 21:30:17 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/13 21:30:16 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/13 21:30:16 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/13 21:30:16 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/13 21:30:15 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/13 21:30:15 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/13 21:30:14 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/13 21:30:14 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/13 21:30:14 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 21:30:10 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/11/23 12:31:58 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/06/28 17:56:24 | 000,733,184 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
MOD - [2013/02/05 10:11:18 | 000,465,824 | ---- | M] () -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
MOD - [2012/10/25 16:19:46 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
MOD - [2012/10/25 16:19:44 | 001,411,072 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
MOD - [2012/10/25 16:19:34 | 000,293,376 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
MOD - [2012/10/25 16:19:34 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
MOD - [2012/09/18 15:41:02 | 000,191,488 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
MOD - [2012/02/15 07:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/06 16:51:38 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/01 12:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/05 17:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/06 01:53:46 | 000,170,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV - [2014/03/15 17:36:17 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/28 02:41:42 | 000,520,416 | ---- | M] (Futuremark) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2014/02/05 17:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/12 06:08:26 | 000,903,456 | ---- | M] (Cloud Engines, Inc.) [Auto | Running] -- C:\Program Files (x86)\PogoplugPC\hbadmin.exe -- (HBAdmin)
SRV - [2013/02/05 10:10:46 | 000,046,072 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/24 10:25:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/31 16:11:02 | 000,065,296 | ---- | M] (Greatis Software, LLC) [Auto | Running] -- C:\Program Files (x86)\BootRacer\BootRacerServ.exe -- (BootRacerServ)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/06 16:51:39 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/06 16:51:39 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/06 16:51:39 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/06 16:51:39 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/06 16:51:39 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/06 16:51:39 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/06 16:51:39 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/03 21:39:20 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2014/04/03 21:39:20 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/28 02:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/15 14:37:16 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013/11/15 14:37:14 | 000,149,160 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/10/28 01:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/03/01 03:58:14 | 000,039,712 | ---- | M] (Cloud Engines, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xcetap0.sys -- (xcetap0)
DRV:64bit: - [2012/10/29 08:21:40 | 000,990,864 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/10/03 06:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012/08/11 06:44:16 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/14 15:24:16 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KYEKBPRO.sys -- (KYEKBPRO)
DRV:64bit: - [2011/04/20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/11/24 09:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 09:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn....MY&dcc=MY&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 65 F6 DA 29 3A CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...66B647002239141
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
 
[2013/04/15 22:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2013/07/11 22:52:17 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 acdid.acdsystems.com
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [ghost] C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [Tilt] C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\Tilt.exe ()
O4 - HKCU..\Run: [PogoplugPC] C:\Program Files (x86)\PogoplugPC\ppserver.exe (Cloud Engines, Inc.)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [Uddgmedia] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BootRacer = "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2 (Greatis Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 122.255.99.228 122.255.99.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07ECC0F9-3973-4025-855B-BD41068A541E}: DhcpNameServer = 122.255.99.228 122.255.99.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07ECC0F9-3973-4025-855B-BD41068A541E}: NameServer = 122.255.99.236,122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{656E27BD-FBE5-4DD7-A093-63FAC2420158}: DhcpNameServer = 122.255.99.236 122.255.99.228
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/08 06:19:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/07 21:28:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/07 21:09:20 | 002,157,056 | ---- | C] (Farbar) -- C:\Users\Teoh Khai Siang\Desktop\FRST64.exe
[2014/04/07 21:09:19 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Teoh Khai Siang\Desktop\JRT.exe
[2014/04/07 21:08:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Teoh Khai Siang\Desktop\OTL.exe
[2014/04/07 21:06:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/06 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Apple Computer
[2014/04/06 19:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/04/06 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\IObit
[2014/04/06 19:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/04/06 19:40:48 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Solvusoft
[2014/04/06 19:40:47 | 000,019,888 | ---- | C] (solvusoft) -- C:\Windows\SysNative\roboot64.exe
[2014/04/06 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinThruster
[2014/04/06 16:51:39 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/04 06:44:04 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\.mono
[2014/04/04 06:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2014/04/03 21:39:20 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2014/04/03 21:39:20 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2014/04/03 21:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Mobile
[2014/04/03 21:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Mobile
[2014/04/03 21:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2014/04/03 21:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2014/04/03 21:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2014/04/02 23:41:00 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\Blizzard Entertainment
[2014/04/02 23:40:52 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Battle.net
[2014/04/02 23:40:52 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\Battle.net
[2014/04/02 23:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014/03/30 16:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2014/03/25 22:12:52 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\{A89310C3-B735-437D-B92F-78F44195678F}
[2014/03/25 21:56:26 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Malwarebytes
[2014/03/25 21:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/25 21:56:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/25 21:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/25 21:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/25 21:48:32 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\Documents\Thief
[2014/03/22 20:47:55 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\NVIDIA
[2014/03/22 20:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/03/22 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\NVIDIA
[2014/03/22 20:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014/03/22 20:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/03/22 20:45:18 | 000,062,408 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/03/22 20:45:18 | 000,054,216 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/03/22 20:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/03/22 19:57:57 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOTAC FireStorm
[2014/03/15 17:08:18 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\Uddgmedia
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/08 06:23:35 | 000,022,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/08 06:23:35 | 000,022,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/08 06:21:28 | 000,000,407 | ---- | M] () -- C:\Users\Public\Documents\bootracer.ini
[2014/04/08 06:21:28 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/04/08 06:21:27 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/04/08 06:21:26 | 000,319,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/08 06:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/08 06:20:01 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/08 06:20:01 | 000,662,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/08 06:20:01 | 000,121,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/08 06:15:21 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2014/04/07 23:35:02 | 000,000,330 | ---- | M] () -- C:\Users\Teoh Khai Siang\Documents\Preset 0.mbcfg
[2014/04/07 21:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/07 14:54:48 | 001,426,178 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
[2014/04/07 14:02:26 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Teoh Khai Siang\Desktop\JRT.exe
[2014/04/07 13:56:10 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\Teoh Khai Siang\Desktop\FRST64.exe
[2014/04/07 11:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Teoh Khai Siang\Desktop\OTL.exe
[2014/04/06 20:19:23 | 000,000,533 | ---- | M] () -- C:\Users\Public\Desktop\Deus Ex The Fall.lnk
[2014/04/06 18:01:53 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/06 16:51:39 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 16:51:39 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 16:51:39 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/06 16:51:39 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 16:51:39 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 16:51:39 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/04/06 16:51:39 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 16:51:39 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 16:51:39 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/03 23:50:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2014/04/03 23:50:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2014/04/03 21:39:20 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2014/04/03 21:39:20 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2014/04/03 21:34:07 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/04/02 23:18:14 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/03/30 17:07:25 | 000,000,022 | ---- | M] () -- C:\Windows\GPU-Z.INI
[2014/03/30 16:48:23 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\3DMark.lnk
[2014/03/27 21:59:20 | 002,712,576 | ---- | M] () -- C:\Users\Teoh Khai Siang\AppData\Local\file__0.localstorage
[2014/03/25 21:57:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/25 21:56:42 | 000,001,328 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\Thief.lnk
[2014/03/23 20:15:40 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2014/03/22 20:46:10 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/03/22 19:58:06 | 000,001,991 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\ZOTAC FireStorm.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/07 21:06:14 | 001,426,178 | ---- | C] () -- C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
[2014/04/06 20:19:23 | 000,000,533 | ---- | C] () -- C:\Users\Public\Desktop\Deus Ex The Fall.lnk
[2014/04/06 20:19:23 | 000,000,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus Ex The Fall.lnk
[2014/04/03 23:50:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2014/04/03 23:50:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2014/04/03 21:34:07 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/04/02 23:18:14 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/03/25 21:56:42 | 000,001,328 | ---- | C] () -- C:\Users\Teoh Khai Siang\Desktop\Thief.lnk
[2014/03/25 21:56:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 20:46:10 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/03/22 20:45:25 | 003,649,185 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/03/22 20:44:44 | 000,024,544 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014/03/22 19:58:06 | 000,001,991 | ---- | C] () -- C:\Users\Teoh Khai Siang\Desktop\ZOTAC FireStorm.lnk
[2014/02/14 22:20:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/11 19:10:48 | 000,007,602 | ---- | C] () -- C:\Users\Teoh Khai Siang\AppData\Local\Resmon.ResmonCfg
[2013/12/11 17:44:33 | 000,000,000 | -HS- | C] () -- C:\Users\Teoh Khai Siang\AppData\Local\LumaEmu
[2013/10/06 16:45:01 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2013/07/24 22:22:30 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI
[2013/07/05 23:47:52 | 000,000,624 | ---- | C] () -- C:\Users\Teoh Khai Siang\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/04/16 22:28:55 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2013/04/16 22:28:55 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/12/26 23:39:02 | 002,712,576 | ---- | C] () -- C:\Users\Teoh Khai Siang\AppData\Local\file__0.localstorage
[2012/12/26 19:35:27 | 000,773,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/24 10:25:30 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/24 10:25:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/23 00:10:32 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2012/12/22 23:53:35 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/04 06:44:04 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\.mono
[2013/07/11 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\ACD Systems
[2013/11/23 12:23:58 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\AVAST Software
[2013/04/15 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Babylon
[2014/04/02 23:53:42 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Battle.net
[2013/02/28 23:07:10 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Crysis 3
[2013/04/15 22:52:04 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\GoforFiles
[2014/01/04 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Injustice
[2014/04/06 19:44:36 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\IObit
[2012/12/22 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Leadertech
[2013/12/09 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\library_dir
[2013/08/06 22:49:07 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\MKKE
[2013/07/23 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk
[2013/06/20 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk SecureAccess
[2014/04/06 20:03:42 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Solvusoft
[2013/09/14 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\The Creative Assembly
[2013/08/15 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\TP-LINK
 
========== Purity Check ==========
 
 

< End of report >

 

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Teoh Khai Siang (administrator) on TEOHKHAISIANG on 08-04-2014 06:29:05
Running from C:\Users\Teoh Khai Siang\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Greatis Software, LLC) C:\Program Files (x86)\BootRacer\BootRacerServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Gemalto N.V.) C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Cloud Engines, Inc.) C:\Program Files (x86)\PogoplugPC\ppserver.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Cloud Engines, Inc.) C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
() C:\Users\Teoh Khai Siang\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Users\Teoh Khai Siang\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(OldTimer Tools) C:\Users\Teoh Khai Siang\Desktop\OTL.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupNowEZtray] - C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [Tilt] - C:\Users\Teoh Khai Siang\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe [733184 2013-06-28] ()
HKLM-x32\...\Run: [ghost] - C:\Users\Teoh Khai Siang\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe [191488 2012-09-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-06] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BootRacer] - C:\Program Files (x86)\BootRacer\Bootrace.exe [6357264 2012-10-18] ( (Greatis Software))
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\Run: [PogoplugPC] - C:\Program Files (x86)\PogoplugPC\ppserver.exe [23797248 2013-06-12] (Cloud Engines, Inc.)
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\Run: [Uddgmedia] - regsvr32.exe "C:\Users\Teoh Khai Siang\AppData\Local\Uddgmedia\ParamBlk2.dll" <===== ATTENTION
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\MountPoints2: {471e9465-6a26-11e2-ae3a-002215a9f666} - G:\AutoRun.exe
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\MountPoints2: {471e947f-6a26-11e2-ae3a-002215a9f666} - G:\AutoRun.exe
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\MountPoints2: {e26de56e-bb30-11e3-a68f-002215a9f666} - G:\Startme.exe
HKU\S-1-5-21-1729804402-3177559583-490602787-1000\...\MountPoints2: {ed2db96b-4e38-11e2-a250-002215a9f666} - G:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn....MY&dcc=MY&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE965F6DA293ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-se...66B647002239141
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Hosts: 127.0.0.1 acdid.acdsystems.com
Tcpip\Parameters: [DhcpNameServer] 122.255.99.228 122.255.99.236
Tcpip\..\Interfaces\{07ECC0F9-3973-4025-855B-BD41068A541E}: [NameServer]122.255.99.236,122.255.99.228

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-06] (AVAST Software)
R2 BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [65296 2012-05-31] (Greatis Software, LLC)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-02-28] (Futuremark)
R2 HBAdmin; C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE [903456 2013-06-12] (Cloud Engines, Inc.)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-24] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-06] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-06] ()
S3 KYEKBPRO; C:\Windows\System32\drivers\KYEKBPRO.sys [25600 2011-10-14] ( )
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [990864 2012-10-29] (Realtek Semiconductor Corporation                           )
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R3 xcetap0; C:\Windows\System32\DRIVERS\xcetap0.sys [39712 2013-03-01] (Cloud Engines, Inc.)
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-08 06:29 - 2014-04-08 06:29 - 00010779 _____ () C:\Users\Teoh Khai Siang\Desktop\FRST.txt
2014-04-08 06:26 - 2014-04-08 06:26 - 00087280 _____ () C:\Users\Teoh Khai Siang\Desktop\OTL.Txt
2014-04-08 06:23 - 2014-04-08 06:24 - 00012487 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 21:56 - 2014-04-07 21:56 - 00131595 _____ () C:\Users\Teoh Khai Siang\Desktop\Post.txt
2014-04-07 21:28 - 2014-04-08 06:29 - 00000000 ____D () C:\FRST
2014-04-07 21:09 - 2014-04-07 14:02 - 01016261 _____ (Thisisu) C:\Users\Teoh Khai Siang\Desktop\JRT.exe
2014-04-07 21:09 - 2014-04-07 13:56 - 02157056 _____ (Farbar) C:\Users\Teoh Khai Siang\Desktop\FRST64.exe
2014-04-07 21:08 - 2014-04-07 11:43 - 00602112 _____ (OldTimer Tools) C:\Users\Teoh Khai Siang\Desktop\OTL.exe
2014-04-07 21:06 - 2014-04-07 21:06 - 00000000 ____D () C:\AdwCleaner
2014-04-07 21:06 - 2014-04-07 14:54 - 01426178 _____ () C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
2014-04-06 20:19 - 2014-04-06 20:19 - 00000533 _____ () C:\Users\Public\Desktop\Deus Ex The Fall.lnk
2014-04-06 20:06 - 2014-04-06 20:06 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Apple Computer
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\IObit
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\ProgramData\IObit
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-06 19:40 - 2014-04-06 20:04 - 00000000 ____D () C:\Program Files (x86)\WinThruster
2014-04-06 19:40 - 2014-04-06 20:03 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Solvusoft
2014-04-06 19:40 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2014-04-06 18:53 - 2014-04-06 18:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Teoh Khai Siang\Downloads\HijackThis.exe
2014-04-06 16:51 - 2014-04-06 16:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-04 06:44 - 2014-04-04 06:44 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\.mono
2014-04-04 06:44 - 2014-04-04 06:44 - 00000000 ____D () C:\ProgramData\.mono
2014-04-03 23:50 - 2014-04-03 23:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-04-03 23:50 - 2014-04-03 23:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-04-03 21:39 - 2014-04-03 21:39 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys
2014-04-03 21:39 - 2014-04-03 21:39 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-04-03 21:39 - 2014-04-03 21:39 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-04-03 21:39 - 2014-04-03 21:39 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-04-03 21:34 - 2014-04-03 21:34 - 00002058 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-04-03 21:34 - 2014-04-03 21:34 - 00000000 ____D () C:\ProgramData\Sony
2014-04-03 21:34 - 2014-04-03 21:34 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-02 23:41 - 2014-04-02 23:41 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Blizzard Entertainment
2014-04-02 23:40 - 2014-04-04 07:18 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Battle.net
2014-04-02 23:40 - 2014-04-02 23:53 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Battle.net
2014-04-02 23:18 - 2014-04-02 23:18 - 00000780 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-30 16:47 - 2014-03-30 16:47 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-03-30 16:46 - 2014-03-30 16:46 - 02621440 _____ () C:\Users\Teoh Khai Siang\Downloads\Futuremark_SystemInfo_v426_installer.msi
2014-03-25 22:12 - 2014-03-25 22:13 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\{A89310C3-B735-437D-B92F-78F44195678F}
2014-03-25 21:56 - 2014-03-25 21:57 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 21:56 - 2014-03-25 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-25 21:56 - 2014-03-25 21:56 - 00001328 _____ () C:\Users\Teoh Khai Siang\Desktop\Thief.lnk
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Malwarebytes
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 21:56 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 21:48 - 2014-03-25 21:51 - 00000000 ____D () C:\Users\Teoh Khai Siang\Documents\Thief
2014-03-23 16:44 - 2014-03-23 18:20 - 1007422198 _____ () C:\Users\Teoh Khai Siang\Downloads\3DMark-v1-2-362.zip
2014-03-22 20:47 - 2014-04-02 23:41 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\NVIDIA
2014-03-22 20:46 - 2014-03-22 20:46 - 00001347 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-22 20:46 - 2014-03-22 20:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-22 20:45 - 2014-03-22 20:53 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\NVIDIA
2014-03-22 20:45 - 2014-03-22 20:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-22 20:45 - 2014-03-04 22:35 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-03-22 20:45 - 2014-03-04 22:35 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-03-22 20:45 - 2014-03-04 21:06 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-22 20:45 - 2014-03-04 21:06 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-22 20:45 - 2014-03-04 21:05 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-22 20:45 - 2014-03-04 21:05 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-22 20:45 - 2014-03-04 21:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-22 20:45 - 2014-03-04 21:05 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-22 20:45 - 2014-02-05 17:31 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-03-22 20:45 - 2014-02-05 17:30 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-03-22 20:44 - 2014-03-22 20:45 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-22 20:44 - 2014-03-04 22:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-22 20:44 - 2014-03-04 22:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-22 20:44 - 2014-03-04 22:35 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-22 20:44 - 2013-12-28 02:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-22 20:44 - 2013-12-28 02:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-03-22 20:44 - 2013-12-28 02:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-22 19:58 - 2014-03-22 19:58 - 00001991 _____ () C:\Users\Teoh Khai Siang\Desktop\ZOTAC FireStorm.lnk
2014-03-22 19:57 - 2014-03-22 19:57 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOTAC FireStorm
2014-03-22 19:54 - 2014-03-22 19:54 - 02765850 _____ () C:\Users\Teoh Khai Siang\Downloads\FireStorm_installer_2.0.5.exe
2014-03-18 22:04 - 2014-03-18 22:06 - 00000046 _____ () C:\Windows\lnk.txt
2014-03-15 17:45 - 2014-03-01 14:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 17:45 - 2014-03-01 13:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-15 17:45 - 2014-03-01 13:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-15 17:45 - 2014-03-01 12:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-15 17:45 - 2014-03-01 12:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-15 17:45 - 2014-03-01 12:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-15 17:45 - 2014-03-01 12:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-15 17:45 - 2014-03-01 12:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-15 17:45 - 2014-03-01 12:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-15 17:45 - 2014-03-01 12:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-15 17:45 - 2014-03-01 12:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-15 17:45 - 2014-03-01 12:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-15 17:45 - 2014-03-01 12:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-15 17:45 - 2014-03-01 12:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-15 17:45 - 2014-03-01 12:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-15 17:45 - 2014-03-01 12:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-15 17:45 - 2014-03-01 12:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-15 17:45 - 2014-03-01 11:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-15 17:45 - 2014-03-01 11:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-15 17:45 - 2014-03-01 11:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-15 17:45 - 2014-03-01 11:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-15 17:45 - 2014-03-01 11:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-15 17:45 - 2014-03-01 11:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-15 17:45 - 2014-03-01 11:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-15 17:45 - 2014-03-01 11:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-15 17:45 - 2014-03-01 11:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-15 17:45 - 2014-03-01 11:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-15 17:45 - 2014-03-01 11:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-15 17:45 - 2014-03-01 11:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-15 17:45 - 2014-03-01 11:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-15 17:45 - 2014-03-01 11:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-15 17:45 - 2014-03-01 11:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-15 17:45 - 2014-03-01 11:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-15 17:45 - 2014-03-01 11:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-15 17:45 - 2014-03-01 10:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-15 17:45 - 2014-03-01 10:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-15 17:45 - 2014-03-01 10:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-15 17:45 - 2014-03-01 10:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-15 17:45 - 2014-03-01 10:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-15 17:45 - 2014-03-01 10:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-15 17:40 - 2014-02-07 09:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-15 17:40 - 2014-02-04 10:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-15 17:40 - 2014-02-04 10:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-15 17:40 - 2014-02-04 10:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-15 17:40 - 2014-02-04 10:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-15 17:40 - 2014-01-29 10:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-15 17:40 - 2014-01-29 10:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-15 17:40 - 2014-01-28 10:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-15 17:08 - 2014-04-06 19:31 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Uddgmedia
2014-03-15 17:07 - 2014-03-15 17:07 - 00003200 _____ () C:\Windows\System32\Tasks\{C1824F5C-A447-4C64-9AEA-87C68DCE36E2}
2014-03-15 17:06 - 2014-03-15 17:28 - 232485456 _____ (NVIDIA Corporation) C:\Users\Teoh Khai Siang\Downloads\335.23-desktop-win8-win7-winvista-64bit-english-whql.exe

==================== One Month Modified Files and Folders =======

2014-04-08 06:29 - 2014-04-08 06:29 - 00010779 _____ () C:\Users\Teoh Khai Siang\Desktop\FRST.txt
2014-04-08 06:29 - 2014-04-07 21:28 - 00000000 ____D () C:\FRST
2014-04-08 06:28 - 2009-07-14 12:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 06:28 - 2009-07-14 12:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 06:26 - 2014-04-08 06:26 - 00087280 _____ () C:\Users\Teoh Khai Siang\Desktop\OTL.Txt
2014-04-08 06:26 - 2009-07-14 13:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 06:24 - 2014-04-08 06:23 - 00012487 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 06:21 - 2013-04-16 22:28 - 00000220 _____ () C:\Windows\Tasks\AutoKMS.job
2014-04-08 06:21 - 2013-04-16 22:28 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-04-08 06:21 - 2012-12-22 23:55 - 00000557 ____H () C:\Users\Public\Documents\bootracer.log
2014-04-08 06:21 - 2012-12-22 23:55 - 00000407 _____ () C:\Users\Public\Documents\bootracer.ini
2014-04-08 06:21 - 2012-12-22 23:55 - 00000000 ____D () C:\Program Files (x86)\BootRacer
2014-04-08 06:21 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 06:21 - 2009-07-14 12:45 - 00319096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-08 06:20 - 2012-12-23 00:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-04-08 06:20 - 2012-12-22 23:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 06:20 - 2012-12-22 23:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-08 06:19 - 2011-04-12 16:28 - 00000000 ____D () C:\Windows\ShellNew
2014-04-08 06:19 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-08 06:15 - 2013-10-06 16:45 - 00078848 _____ () C:\Windows\KMSEmulator.exe
2014-04-08 06:15 - 2013-04-16 22:28 - 00002740 _____ () C:\Windows\System32\Tasks\AutoKMSDaily
2014-04-07 23:35 - 2013-06-02 17:28 - 00000330 _____ () C:\Users\Teoh Khai Siang\Documents\Preset 0.mbcfg
2014-04-07 21:56 - 2014-04-07 21:56 - 00131595 _____ () C:\Users\Teoh Khai Siang\Desktop\Post.txt
2014-04-07 21:36 - 2012-12-27 19:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 21:06 - 2014-04-07 21:06 - 00000000 ____D () C:\AdwCleaner
2014-04-07 14:54 - 2014-04-07 21:06 - 01426178 _____ () C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
2014-04-07 14:02 - 2014-04-07 21:09 - 01016261 _____ (Thisisu) C:\Users\Teoh Khai Siang\Desktop\JRT.exe
2014-04-07 13:56 - 2014-04-07 21:09 - 02157056 _____ (Farbar) C:\Users\Teoh Khai Siang\Desktop\FRST64.exe
2014-04-07 11:43 - 2014-04-07 21:08 - 00602112 _____ (OldTimer Tools) C:\Users\Teoh Khai Siang\Desktop\OTL.exe
2014-04-06 20:19 - 2014-04-06 20:19 - 00000533 _____ () C:\Users\Public\Desktop\Deus Ex The Fall.lnk
2014-04-06 20:06 - 2014-04-06 20:06 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Apple Computer
2014-04-06 20:04 - 2014-04-06 19:40 - 00000000 ____D () C:\Program Files (x86)\WinThruster
2014-04-06 20:03 - 2014-04-06 19:40 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Solvusoft
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\IObit
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\ProgramData\IObit
2014-04-06 19:44 - 2014-04-06 19:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-06 19:31 - 2014-03-15 17:08 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Uddgmedia
2014-04-06 18:53 - 2014-04-06 18:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Teoh Khai Siang\Downloads\HijackThis.exe
2014-04-06 18:01 - 2013-11-23 12:34 - 00002010 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-06 16:51 - 2014-04-06 16:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 16:51 - 2014-01-05 08:13 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-04-06 16:51 - 2013-11-23 12:32 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-06 16:51 - 2013-11-23 12:31 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-06 16:51 - 2013-11-23 12:31 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-06 16:51 - 2013-11-23 12:31 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-06 16:51 - 2013-11-23 12:31 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-06 16:51 - 2013-11-23 12:31 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-06 16:51 - 2013-11-23 12:31 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-06 16:51 - 2012-12-22 23:40 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-04 07:18 - 2014-04-02 23:40 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Battle.net
2014-04-04 06:44 - 2014-04-04 06:44 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\.mono
2014-04-04 06:44 - 2014-04-04 06:44 - 00000000 ____D () C:\ProgramData\.mono
2014-04-03 23:50 - 2014-04-03 23:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-04-03 23:50 - 2014-04-03 23:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-04-03 21:39 - 2014-04-03 21:39 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys
2014-04-03 21:39 - 2014-04-03 21:39 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-04-03 21:39 - 2014-04-03 21:39 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-04-03 21:39 - 2014-04-03 21:39 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-04-03 21:34 - 2014-04-03 21:34 - 00002058 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-04-03 21:34 - 2014-04-03 21:34 - 00000000 ____D () C:\ProgramData\Sony
2014-04-03 21:34 - 2014-04-03 21:34 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-03 21:34 - 2012-12-22 22:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-02 23:53 - 2014-04-02 23:40 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Battle.net
2014-04-02 23:41 - 2014-04-02 23:41 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\Blizzard Entertainment
2014-04-02 23:41 - 2014-03-22 20:47 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\NVIDIA
2014-04-02 23:18 - 2014-04-02 23:18 - 00000780 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-30 17:07 - 2013-07-24 22:22 - 00000022 _____ () C:\Windows\GPU-Z.INI
2014-03-30 16:48 - 2013-12-18 21:42 - 00001192 _____ () C:\Users\Public\Desktop\3DMark.lnk
2014-03-30 16:48 - 2013-11-11 19:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-30 16:48 - 2012-12-23 00:26 - 00000000 ____D () C:\Program Files\Futuremark
2014-03-30 16:47 - 2014-03-30 16:47 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-03-30 16:46 - 2014-03-30 16:46 - 02621440 _____ () C:\Users\Teoh Khai Siang\Downloads\Futuremark_SystemInfo_v426_installer.msi
2014-03-27 21:59 - 2012-12-26 23:39 - 02712576 _____ () C:\Users\Teoh Khai Siang\AppData\Local\file__0.localstorage
2014-03-25 22:14 - 2012-12-23 00:15 - 00000000 ____D () C:\Users\Teoh Khai Siang\Tracing
2014-03-25 22:13 - 2014-03-25 22:12 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\{A89310C3-B735-437D-B92F-78F44195678F}
2014-03-25 22:11 - 2012-12-25 10:16 - 00000000 ____D () C:\ProgramData\DatacardService
2014-03-25 21:57 - 2014-03-25 21:56 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 21:57 - 2014-03-25 21:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-25 21:56 - 2014-03-25 21:56 - 00001328 _____ () C:\Users\Teoh Khai Siang\Desktop\Thief.lnk
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Malwarebytes
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 21:51 - 2014-03-25 21:48 - 00000000 ____D () C:\Users\Teoh Khai Siang\Documents\Thief
2014-03-23 20:15 - 2014-01-12 18:49 - 00000913 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-03-23 18:20 - 2014-03-23 16:44 - 1007422198 _____ () C:\Users\Teoh Khai Siang\Downloads\3DMark-v1-2-362.zip
2014-03-23 16:30 - 2009-07-14 13:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-22 20:53 - 2014-03-22 20:45 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\NVIDIA
2014-03-22 20:46 - 2014-03-22 20:46 - 00001347 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-03-22 20:46 - 2014-03-22 20:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-22 20:46 - 2014-02-14 23:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-22 20:45 - 2014-03-22 20:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-22 20:45 - 2014-03-22 20:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-22 20:45 - 2014-02-19 22:40 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-22 20:45 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Help
2014-03-22 20:13 - 2014-02-14 23:20 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Local\NVIDIA Corporation
2014-03-22 19:58 - 2014-03-22 19:58 - 00001991 _____ () C:\Users\Teoh Khai Siang\Desktop\ZOTAC FireStorm.lnk
2014-03-22 19:57 - 2014-03-22 19:57 - 00000000 ____D () C:\Users\Teoh Khai Siang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOTAC FireStorm
2014-03-22 19:57 - 2013-07-06 19:48 - 00000000 ____D () C:\Program Files (x86)\ZOTAC FireStorm
2014-03-22 19:54 - 2014-03-22 19:54 - 02765850 _____ () C:\Users\Teoh Khai Siang\Downloads\FireStorm_installer_2.0.5.exe
2014-03-18 22:06 - 2014-03-18 22:04 - 00000046 _____ () C:\Windows\lnk.txt
2014-03-15 18:38 - 2013-03-14 06:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 18:38 - 2013-03-14 06:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 17:48 - 2013-07-11 22:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-15 17:47 - 2012-12-26 19:38 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 17:36 - 2012-12-27 19:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-15 17:36 - 2012-12-27 19:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 17:36 - 2012-12-27 19:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-15 17:28 - 2014-03-15 17:06 - 232485456 _____ (NVIDIA Corporation) C:\Users\Teoh Khai Siang\Downloads\335.23-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-03-15 17:07 - 2014-03-15 17:07 - 00003200 _____ () C:\Windows\System32\Tasks\{C1824F5C-A447-4C64-9AEA-87C68DCE36E2}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-03 07:15

==================== End Of Log ============================


  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks. I need to get a new Extras.txt log and a coulpe of other scans. I have changed the settings for the OTL scan so please read them carefully.


Step-1.

otlicon.pngOTL Scan

Please re-open otlicon.png on the desktop. To do that:

  • Vista /7 users: right click the icon and click Run as Administrator.

Make sure all other windows are closed .

  • You will see a console like the one below:

    OTL_Main_Tutorial.gif
  • At the top of the console click the greyed out None button<---Very Important
  • At the top of the console, click the box beside Scan All Users and Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the radio button beside Use Safelist.<---Very Important
  • Click the box beside LOP Check and Purity Check
  • Click the runscanbutton.png button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • I don't need the OTL.txt log so close the file and open the Extras.txt log. It will be minimized on the taskbar. Please copy the contents of the file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste.This will paste the contents of the .txt file in the in the post window.

Step-2.

Run aswMBR

  • Download aswMBR.exe  to your desktop.
  • Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
    aswmbr1.jpg
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    AswMBR%20scan.JPG
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    aswMBR2.png

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

MGA Diagnostic Tool

  • Download the MGADiag Tool and save it to the desktop.
  • Right Click the MGADiag.exefile and click Run as Administrator to run the program. OK any UAC warnings
  • Click the Continue button
  • Wait for the aerobuoto.gif to finish loading with your system information
  • Click the Copy button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report in your next reply.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The MGA Diagnostics report.
2. The aswMBR log
3. The Extras.txt log
 

 


  • 0

#5
rav3n82

rav3n82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi godawgs,

 

Here are the log as requested.

 

1. The MGA Diagnostics report

 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-BWGQ9-8P6WX-4FTX6
Windows Product Key Hash: ldz2iWUtERECY5znGqiBp3JYc58=
Windows Product ID: 00359-OEM-8783745-01329
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {B9BF4EEE-E21F-4F3E-863B-29BAF4A33064}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B9BF4EEE-E21F-4F3E-863B-29BAF4A33064}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-4FTX6</PKey><PID>00359-OEM-8783745-01329</PID><PIDType>3</PIDType><SID>S-1-5-21-1729804402-3177559583-490602787</SID><SYSTEM><Manufacturer>INTEL_</Manufacturer><Model>DZ68DB__</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>DBZ6810H.86A.0032.2011.0928.1502</Version><SMBIOSVersion major="2" minor="6"/><Date>20110928000000.000000+000</Date></BIOS><HWID>B6613807018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_COA_NSLP channel
Activation ID: 586bc076-c93d-429a-afe5-a69fbc644e88
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00174-837-401329-02-1033-7601.0000-3572012
Installation ID: 019282928894271795166421964971301015844546667672132484
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 4FTX6
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 4/8/2014 9:06:36 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAEAAAADAAAAAwABAAEAln3eZffafOnGpwgOrIQiRuJKsZkSDdZ+UUEucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
  ACPI Table Name OEMID Value OEMTableID Value
  APIC   INTEL   DZ68DB 
  FACP   INTEL   DZ68DB 
  HPET   INTEL   DZ68DB 
  MCFG   INTEL   DZ68DB 
  SSDT   INTEL   DZ68DB 

 

 

2. The aswMBR log

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-08 20:58:36
-----------------------------
20:58:36.583    OS Version: Windows x64 6.1.7601 Service Pack 1
20:58:36.583    Number of processors: 8 586 0x2A07
20:58:36.584    ComputerName: TEOHKHAISIANG  UserName:
20:58:36.718    Initialize success
20:58:39.477    AVAST engine defs: 14040700
20:58:56.472    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:58:56.473    Disk 0 Vendor: INTEL_SSDSC2CT120A3 300i Size: 114473MB BusType: 11
20:58:56.480    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
20:58:56.482    Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ100E5 Size: 953869MB BusType: 11
20:58:56.489    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
20:58:56.491    Disk 2 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 11
20:58:56.502    Disk 0 MBR read successfully
20:58:56.504    Disk 0 MBR scan
20:58:56.506    Disk 0 Windows 7 default MBR code
20:58:56.508    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:58:56.510    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
20:58:56.516    Disk 0 scanning C:\Windows\system32\drivers
20:58:58.327    Service scanning
20:59:02.427    Modules scanning
20:59:02.432    Disk 0 trace - called modules:
20:59:02.436    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:59:02.440    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006de8790]
20:59:02.442    3 CLASSPNP.SYS[fffff880018f043f] -> nt!IofCallDriver -> [0xfffffa800675a3f0]
20:59:02.445    5 ACPI.sys[fffff88000f427a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006800060]
20:59:02.581    AVAST engine scan C:\Windows
20:59:02.919    AVAST engine scan C:\Windows\system32
20:59:33.933    AVAST engine scan C:\Windows\system32\drivers
20:59:36.195    AVAST engine scan C:\Users\Teoh Khai Siang
21:00:15.618    AVAST engine scan C:\ProgramData
21:00:23.483    Scan finished successfully
21:06:19.016    Disk 0 MBR has been saved successfully to "C:\Users\Teoh Khai Siang\Desktop\MBR.dat"
21:06:19.019    The log file has been saved successfully to "C:\Users\Teoh Khai Siang\Desktop\aswMBR.txt"

 

3. The Extras.txt log

 

OTL Extras logfile created on: 4/8/2014 8:56:36 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Teoh Khai Siang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 5.89 Gb Available Physical Memory | 73.82% Memory free
15.95 Gb Paging File | 13.51 Gb Available in Paging File | 84.68% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 63.65 Gb Free Space | 56.99% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 407.55 Gb Free Space | 43.75% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 492.53 Gb Free Space | 52.87% Space Free | Partition Type: NTFS
Drive H: | 29.80 Gb Total Space | 14.92 Gb Free Space | 50.06% Space Free | Partition Type: FAT32
 
Computer Name: TEOHKHAISIANG | User Name: Teoh Khai Siang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D2BD54-17CE-4B71-86BD-F052CE590123}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{12196E78-A823-413A-AD14-9263A70D3B2C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{14FC3FB1-665B-4191-8E8A-1E84B85DF66F}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{1E4CA900-DE58-450B-BDC0-9E55DB412157}" = lport=10243 | protocol=6 | dir=in | app=system |
"{24BBA274-E0AC-4F16-9244-289FCE388542}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{26D52B96-A51D-4B0D-BD9F-6F53133FA7AE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2D59A4AD-FCA5-4AD0-B0A3-133248908DB7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3766D884-B642-4446-921D-7C50F935A8EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{52BA55FF-960A-4095-94B2-1545C9B08D25}" = rport=139 | protocol=6 | dir=out | app=system |
"{5364EC47-452B-4C7D-8008-D5005183050B}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{57526C53-EC41-48F7-BC3A-49EC64CEB9DC}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{6F52797B-5FCB-4FD4-9A47-6070DAA02EA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76EEC34D-9BA3-4667-B82F-19B915D0E24A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B6384F9-79F1-460C-B7F0-0FAC66D81715}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7E1AAA5A-EF56-457A-AD8D-3B6121C0B9AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{802174C1-2600-43A0-86AE-81E5AEB5102B}" = lport=137 | protocol=17 | dir=in | app=system |
"{84A87131-509F-499C-9D7C-9B6EF554D8E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{89BFEBA2-B134-4A2B-A92E-5391DD21DE50}" = rport=445 | protocol=6 | dir=out | app=system |
"{89D8A668-C25D-4B56-9561-B3A431439EFA}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9F74DB68-4C04-4FB1-B3E3-D101DA0087D4}" = lport=445 | protocol=6 | dir=in | app=system |
"{A14ABA8C-ADC0-4146-B14F-4AD507948BD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0ACDAF5-F4C1-4677-9300-81F944C17F64}" = rport=137 | protocol=17 | dir=out | app=system |
"{B6B561DC-4F43-470B-B08D-295E552384B0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CB1E439A-7F3B-4796-BA05-E53A9C682305}" = lport=138 | protocol=17 | dir=in | app=system |
"{CFB4E0E4-7728-4C23-81F3-43300C443ADA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EACAB84F-E222-4476-B6BB-74D1C9D571C2}" = rport=138 | protocol=17 | dir=out | app=system |
"{EAFE0A4A-6952-4FF4-87EF-719A9DFC90BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9C3BE53-1C77-42E9-8E9D-C1158916D089}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FC5F6D9A-387A-4E82-A604-3F48721AB9C8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003ABFC0-336E-4339-A893-24227157A25E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{00A4CDE4-20D2-4F52-8041-85E4D6EC6A3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0252DE88-9235-43F3-AAAC-9C67E449F758}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{054C3F00-F883-451A-8832-BB2A5B5A041F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{0736FC33-E8E0-4CE9-A8AD-56A62B45F910}" = protocol=58 | dir=out | [email protected],-28546 |
"{0C38F6C3-96F0-47D7-97EA-91E2FDF37D4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0CE7AFF6-88B9-4774-9F27-0806E7DE4806}" = dir=in | app=c:\program files (x86)\pogoplugpc\ppserver.exe |
"{0ECFDF42-86B8-4DFE-BD45-19FA7A52CC4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0EF1CCEB-3148-4D53-B7F6-6EA3DA82E475}" = protocol=6 | dir=out | app=system |
"{14CD9322-55E7-4608-8433-11D7FA008855}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{1DF99CD1-E4C6-4838-AECD-2C710816FAF8}" = protocol=1 | dir=out | [email protected],-28544 |
"{23F70036-CA01-4DE7-8784-7D807A6DA4C1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{2BF1D4AC-6AB0-4E10-AA9F-42BF9067B309}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{310B9B99-B315-4121-9009-983C8BD6EDC4}" = protocol=6 | dir=in | app=d:\my games\starcraft ii\versions\base24944\sc2.exe |
"{3A143A18-2EEA-47BB-8143-787A604DDE74}" = dir=out | app=c:\program files (x86)\pogoplugpc\ppserver.exe |
"{4B1CAFB8-1CE6-47E3-9AF1-F95B0E88FDDD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E882C38-54F9-4CA9-89D9-07A3459A0CB2}" = protocol=6 | dir=in | app=d:\my games\resident evil 6 benchmark\re6.exe |
"{55040B23-E018-46E4-9167-149418E80473}" = dir=in | app=c:\program files (x86)\pogoplugpc\ppserver.exe |
"{5E55DF3B-A9BE-4C74-8675-87E2569D34E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{616BE92B-81C0-414E-AB7A-EEC406B51511}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{6681935D-3309-4C01-98D3-A4A24DE7A533}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{692890FA-CBD3-413E-9204-1B715B8CB198}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6BDFAA1E-CECE-4FC5-BA49-E204B73C98C2}" = protocol=17 | dir=in | app=d:\my games\diablo iii\diablo iii.exe |
"{87D5CCC6-EF5C-4E0F-88CE-A78C6D21C89F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{8A4C1A9D-5635-4175-B763-78CE998AECD7}" = dir=out | app=c:\program files (x86)\pogoplugpc\ppserver.exe |
"{902F04E0-8B56-4AC0-A297-396D6CB5556F}" = dir=out | app=c:\program files (x86)\pogoplugpc\ppserver.exe |
"{95B9F3B8-E92B-4F4C-89DC-228696FF1E02}" = protocol=17 | dir=in | app=d:\my games\starcraft ii\versions\base24944\sc2.exe |
"{9F7DF3E5-3BEB-43FD-9249-8A126C3E4B0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1F4B2A0-060F-4BB6-A6BA-4CF7E21FD788}" = protocol=58 | dir=in | [email protected],-28545 |
"{A3DB77B7-4180-40B3-91F3-CC3F2124C4E1}" = protocol=6 | dir=in | app=c:\program files (x86)\sony mobile\update engine\sony mobile update engine.exe |
"{A6CAA2EA-153D-47D4-B6F6-B2E56376B2E8}" = protocol=17 | dir=in | app=d:\my games\starcraft ii\versions\base24944\sc2.exe |
"{AC8F6158-A0EB-4B4A-A1DF-5E37A641EF47}" = protocol=1 | dir=in | [email protected],-28543 |
"{AF8C5122-D639-4A41-8C08-38AC4DC224FF}" = protocol=17 | dir=in | app=d:\my games\battle.net\battle.net.exe |
"{BEF3FB2A-8716-4307-A7F9-F3092E31E5CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C4AC24CE-D36E-4C40-BF45-BB67E75F36C4}" = protocol=6 | dir=in | app=d:\my games\starcraft ii\versions\base24944\sc2.exe |
"{C5493020-26F1-49AC-A46B-1960AA10102C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C72CA98F-FC25-447B-9B74-0C2D29C6F39C}" = protocol=17 | dir=in | app=d:\my games\resident evil 6 benchmark\re6.exe |
"{CB0F208E-AAC3-4A8E-AEE8-EC5E6921A4AF}" = protocol=6 | dir=in | app=d:\my games\battle.net\battle.net.exe |
"{D70EB7B9-AC60-44E5-94F6-A7757798C157}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ECD21C30-4D4C-4FEE-8093-265569B6360E}" = protocol=17 | dir=in | app=c:\program files (x86)\sony mobile\update engine\sony mobile update engine.exe |
"{F3B65CD3-5ED6-4B68-94A4-0EDD250C1A17}" = dir=in | app=c:\program files (x86)\pogoplugpc\ppserver.exe |
"{F4185338-EF19-4789-A46F-53F50F14A217}" = protocol=6 | dir=in | app=d:\my games\diablo iii\diablo iii.exe |
"{F5A4DA3E-E4A0-4B22-B267-251D8CF656F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F9872A16-715F-4A94-AEEE-BC7967A7099F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDB7234B-43AF-4CFF-932E-EF1A45A0F917}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{24BC4B5F-38A1-44DE-87C0-70B7FFDF1FD6}D:\my games\splinter cell blacklist\src\system\blacklist_game.exe" = protocol=6 | dir=in | app=d:\my games\splinter cell blacklist\src\system\blacklist_game.exe |
"TCP Query User{5727DFE6-50A1-4E7D-8831-32491921BE50}C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\roccat\power-grid\roccatpowergrid.exe |
"TCP Query User{661D4721-C585-4087-8568-F06A4D62CAA9}D:\my games\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=d:\my games\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{6EA405B7-10BF-41C3-81EA-68667C142192}D:\my games\assassin's creed liberation hd\ac3lhd_32.exe" = protocol=6 | dir=in | app=d:\my games\assassin's creed liberation hd\ac3lhd_32.exe |
"TCP Query User{779AD323-9EAE-462A-A5A7-1F6B57D88F31}D:\my games\metro last light\metrollbenchmark.exe" = protocol=6 | dir=in | app=d:\my games\metro last light\metrollbenchmark.exe |
"TCP Query User{8C0FE2AB-C329-4663-808D-60E727FAAC58}D:\my games\might and magic x legacy\might and magic x legacy.exe" = protocol=6 | dir=in | app=d:\my games\might and magic x legacy\might and magic x legacy.exe |
"TCP Query User{90E5970F-F2BD-4AD5-89A4-82E20D925F21}D:\my games\company of heroes 2\reliccoh2.exe" = protocol=6 | dir=in | app=d:\my games\company of heroes 2\reliccoh2.exe |
"TCP Query User{9B65A596-01E5-4D52-BE42-3BFD8886D08F}D:\my games\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=d:\my games\total war rome ii\rome2.exe |
"TCP Query User{9E56541B-7547-451B-B250-5626A8638181}D:\my games\dmc devil may cry vergils downfall\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=d:\my games\dmc devil may cry vergils downfall\binaries\win32\dmc-devilmaycry.exe |
"TCP Query User{BDBBE8FD-D3E8-4C57-80C4-39B7284D5646}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{D3E40E6F-A91D-4AF0-83A8-58723378496B}D:\my games\r.g. catalyst\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\my games\r.g. catalyst\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{D4B55B3B-5F71-41AD-8A6E-30D2A390BD1D}D:\my games\mortal kombat komplete edition\disccontentpc\mkke.exe" = protocol=6 | dir=in | app=d:\my games\mortal kombat komplete edition\disccontentpc\mkke.exe |
"TCP Query User{E5842FAA-555A-46B9-BBFE-1A4A832E3C73}D:\my games\battlefield 4\bf4.exe" = protocol=6 | dir=in | app=d:\my games\battlefield 4\bf4.exe |
"TCP Query User{FB7A1C5E-8862-45C9-934A-7185B846D32E}D:\my games\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=d:\my games\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{FF052C4D-FA1F-42F1-AA89-2D5261F7AFD6}D:\my games\r.g. catalyst\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\my games\r.g. catalyst\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{0033BAE3-E8FC-4202-90E1-DC7EFA0CF6C4}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{091A4318-8A60-44C3-9D21-A02E68BA486A}D:\my games\r.g. catalyst\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\my games\r.g. catalyst\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{35B43C41-EA8B-434F-ACD7-8CA5B9BA6FCF}C:\program files (x86)\roccat\power-grid\roccatpowergrid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\roccat\power-grid\roccatpowergrid.exe |
"UDP Query User{4C276EF5-52BB-4303-AF3D-F2BBA542FC9F}D:\my games\r.g. catalyst\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\my games\r.g. catalyst\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{51CA724B-54D3-4DF6-8B87-D1985F801D0A}D:\my games\might and magic x legacy\might and magic x legacy.exe" = protocol=17 | dir=in | app=d:\my games\might and magic x legacy\might and magic x legacy.exe |
"UDP Query User{67EF0455-7034-4F40-AABC-103EEF72B5EA}D:\my games\splinter cell blacklist\src\system\blacklist_game.exe" = protocol=17 | dir=in | app=d:\my games\splinter cell blacklist\src\system\blacklist_game.exe |
"UDP Query User{83880247-E2EA-4B01-83CB-F6632DE145E8}D:\my games\battlefield 4\bf4.exe" = protocol=17 | dir=in | app=d:\my games\battlefield 4\bf4.exe |
"UDP Query User{9FD45DE7-03EA-40AB-9FC4-86CA96DF4B8D}D:\my games\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=d:\my games\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{B78E27B5-F482-461B-A0A3-27005F576FF0}D:\my games\company of heroes 2\reliccoh2.exe" = protocol=17 | dir=in | app=d:\my games\company of heroes 2\reliccoh2.exe |
"UDP Query User{BB1B4763-448D-4987-B720-0BBCB7823993}D:\my games\metro last light\metrollbenchmark.exe" = protocol=17 | dir=in | app=d:\my games\metro last light\metrollbenchmark.exe |
"UDP Query User{BC86B189-5B6C-4860-9F35-6E95B7583757}D:\my games\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=d:\my games\total war rome ii\rome2.exe |
"UDP Query User{CDB780E5-7497-4A55-92A2-8DE92EC23390}D:\my games\dmc devil may cry vergils downfall\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=d:\my games\dmc devil may cry vergils downfall\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{D0306D7C-DE45-44E5-8E41-ECE420421658}D:\my games\mortal kombat komplete edition\disccontentpc\mkke.exe" = protocol=17 | dir=in | app=d:\my games\mortal kombat komplete edition\disccontentpc\mkke.exe |
"UDP Query User{D8D1B80C-F671-43EC-9407-CB32D1483927}D:\my games\assassin's creed liberation hd\ac3lhd_32.exe" = protocol=17 | dir=in | app=d:\my games\assassin's creed liberation hd\ac3lhd_32.exe |
"UDP Query User{DA26638D-DC45-4AA1-8D44-7CBFBFB29D0A}D:\my games\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=d:\my games\dishonored\binaries\win32\dishonored.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{5B6A2B8B-2310-4404-A137-29163C554B7A}" = 3DMark
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{D54ADF6B-2164-4394-AF70-2778422E9DD8}" = Intel® Network Connections 17.4.95.0
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.69
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.24
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.3
"Defraggler" = Defraggler
"PogoplugPC" = Pogoplug PC
"PROSetDX" = Intel® Network Connections 17.4.95.0
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0343CD8E-625A-47FF-BC7E-92BCDF2E5929}" = Resident Evil 6 Benchmark
"{06D085C8-1F00-11B2-96A7-8f0CE39193ED}" = Intel® SSD Toolbox
"{09bcda7c-254d-46b5-bada-61e611bba738}" = Nero 9 Essentials
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{151F4583-1A05-46D9-8A0E-8F61B9C3502B}_is1" = Call Of Pripyat Benchmark 1.6.02
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38f32cea-14ce-4349-882e-8779bcd45e5c}" = 3DMark
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E711815-5F4E-47F2-B1E1-C0B43A8D57F3}" = AIVIA GHOST
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{53CE0AE1-8092-4702-B1A6-99BBFB2344A6}_is1" = Fallout New Vegas version 1.3.0.452
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{62FE0726-9652-4CD2-9F09-C769D8699C21}" = TL-WN822N/TL-WN821N Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}" = PCMark 7
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{779468AF-3247-4272-8DC5-F0A2F73C544B}_is1" = The Incredible Adventures of Van Helsing
"{78091D68-706D-4893-B287-9F1DFB24F7AF}" = Intel® Update Manager
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1" = ROCCAT Power-Grid version 0.458
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A39CE04E-255B-4B75-86B6-8787660E0B24}" = BootRacer
"{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}" = Tom Clancy's Splinter Cell® Blacklist™
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36F3F6C-8411-4738-AF52-90536270C65B}_is1" = BioShock Infinite version 5.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EF7EA37B-C009-4D53-AE2A-FF7C6AEC35CE}" = Futuremark SystemInfo
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.197
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F14EDCE5-B45D-4D77-A5B8-C7513E5C7BDA}" = Castlevania Lords of Shadow
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F371CE3B-8994-44E3-9518-92B22EE4A7FF}" = SSDlife Free
"{FDA7E907-6539-42C1-9721-0239C281B336}" = TP-LINK TL-WN8200ND Driver
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"¡¶ËÀÍö¿Õ¼ä3¡·ÓÎÏÀ°¿Ï躺»¯ÖÐÎÄÓ²ÅÌ°æ_is1" = ¡¶ËÀÍö¿Õ¼ä3¡·ÓÎÏÀ°¿Ï躺»¯ÖÐÎÄÓ²ÅÌ°æ
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Afterburner" = MSI Afterburner 3.0.0 Beta 18
"Assassins Creed IV Black Flag_is1" = Assassins Creed IV Black Flag
"Assassin's Creed Liberation HD_is1" = Assassin's Creed Liberation HD
"Avast" = avast! Free Antivirus
"Baldur's Gate - Enhanced Edition_is1" = Baldur's Gate - Enhanced Edition
"BatmanOrigins_is1" = BatmanOrigins version BatmanOrigins
"Battle.net" = Battle.net
"Battlefield 4_is1" = Battlefield 4 version Battlefield 4
"Borderlands 2_is1" = «Borderlands 2»  1.3.1.0
"Call of Duty Ghosts_is1" = Call of Duty Ghosts
"Company of Heroes 2_is1" = Company of Heroes 2
"Crysis 3_R.G. Mechanics_is1" = Crysis 3
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.0.1
"Deadpool_is1" = Deadpool
"Deus Ex Human Revolution - The Missing Link_is1" = Deus Ex Human Revolution - The Missing Link
"Deus ex Human Revolution_is1" = Deus ex Human Revolution
"Diablo III" = Diablo III
"Dishonored_is1" = Dishonored
"DMC Devil May Cry Vergils Downfall_is1" = DMC Devil May Cry Vergils Downfall
"Driver Fusion" = Driver Fusion
"Dungeons and Dragons Daggerdale_is1" = Dungeons and Dragons Daggerdale
"Fraps" = Fraps
"HD Tune_is1" = HD Tune 2.55
"Hitman Absolution_is1" = Hitman Absolution
"Injustice Gods Among Us Ultimate Edition_is1" = Injustice Gods Among Us Ultimate Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.0.3 Standard
"Lost Planet 3_is1" = Lost Planet 3
"Magic 2014 — Duels of the Planeswalkers_is1" = Magic 2014 — Duels of the Planeswalkers
"Magic The Gathering - Duels of the Planeswalkers 2013_is1" = Magic The Gathering - Duels of the Planeswalkers 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Metal Gear Rising: Revengeance_is1" = Metal Gear Rising: Revengeance
"Mortal Kombat Komplete Edition_is1" = Mortal Kombat Komplete Edition
"OpenAL" = OpenAL
"PrecisionX" = EVGA Precision X 4.2.1
"QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1" = Assassins Creed IV Black Flag Freedom Cry
"RGV1c0V4VGhlRmFsbA==_is1" = Deus Ex: The Fall
"Shadowrun Returns_is1" = Shadowrun Returns
"StarCraft II Heart Of Swarm_is1" = StarCraft II Heart Of Swarm
"The Bureau XCOM Declassified_is1" = The Bureau XCOM Declassified
"The Elder Scrolls V: Skyrim - Legendary Edition_is1" = The Elder Scrolls V: Skyrim - Legendary Edition
"Thief_is1" = Thief version Thief
"Tom Clancy`s Splinter Cell® Blacklist™_is1" = Tom Clancy`s Splinter Cell® Blacklist™
"Tombraider_is1" = Tombraider
"Torchlight II © Runic Games_is1" = Torchlight II © Runic Games version 1
"Total War ROME II_is1" = Total War ROME II
"TWlnaHRhbmRNYWdpY1hMZWdhY3k=_is1" = Might and Magic X Legacy
"TWV0cm9MYXN0TGlnaHQ=_is1" = Metro: Last Light © Deep Silver version 1
"Unigine Heaven Benchmark (Basic Edition)_is1" = Heaven Benchmark version 4.0
"Unigine Valley Benchmark_is1" = Unigine Valley Benchmark version 1.0
"Update Engine" = Sony Mobile Update Engine
"WinLiveSuite" = Windows Live Essentials
"ZOTAC FireStorm" = ZOTAC FireStorm
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1729804402-3177559583-490602787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/7/2013 8:03:29 PM | Computer Name = TeohKhaiSiang | Source = WinMgmt | ID = 10
Description =
 
Error - 11/8/2013 10:37:00 AM | Computer Name = TeohKhaiSiang | Source = NvStreamSvc | ID = 131073
Description =
 
Error - 11/8/2013 10:37:00 AM | Computer Name = TeohKhaiSiang | Source = NvStreamSvc | ID = 131073
Description =
 
Error - 11/8/2013 10:37:00 AM | Computer Name = TeohKhaiSiang | Source = NvStreamSvc | ID = 131073
Description =
 
Error - 11/8/2013 10:38:49 AM | Computer Name = TeohKhaiSiang | Source = WinMgmt | ID = 10
Description =
 
Error - 11/8/2013 10:23:52 PM | Computer Name = TeohKhaiSiang | Source = WinMgmt | ID = 10
Description =
 
Error - 11/9/2013 2:44:01 AM | Computer Name = TeohKhaiSiang | Source = WinMgmt | ID = 10
Description =
 
Error - 11/9/2013 4:58:09 AM | Computer Name = TeohKhaiSiang | Source = WinMgmt | ID = 10
Description =
 
Error - 11/9/2013 8:30:55 PM | Computer Name = TeohKhaiSiang | Source = WinMgmt | ID = 10
Description =
 
Error - 11/11/2013 5:54:19 AM | Computer Name = TeohKhaiSiang | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 4/6/2014 7:32:15 AM | Computer Name = TeohKhaiSiang | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126 
 
Error - 4/6/2014 7:44:40 AM | Computer Name = TeohKhaiSiang | Source = Service Control Manager | ID = 7030
Description = The Advanced SystemCare Service 6 service is marked as an interactive
 service.  However, the system is configured to not allow interactive services.
 This service may not function properly.
 
Error - 4/6/2014 8:06:00 AM | Computer Name = TeohKhaiSiang | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126 
 
Error - 4/6/2014 8:08:43 AM | Computer Name = TeohKhaiSiang | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126 
 
Error - 4/6/2014 8:42:06 AM | Computer Name = TeohKhaiSiang | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126 
 
Error - 4/7/2014 9:05:11 AM | Computer Name = TeohKhaiSiang | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126 
 
Error - 4/7/2014 10:57:36 AM | Computer Name = TeohKhaiSiang | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126 
 
Error - 4/7/2014 6:15:10 PM | Computer Name = TeohKhaiSiang | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126 
 
Error - 4/7/2014 6:21:26 PM | Computer Name = TeohKhaiSiang | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126 
 
Error - 4/8/2014 8:50:46 AM | Computer Name = TeohKhaiSiang | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126 
 
 
< End of report >
 


  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hi,

Thanks for the logs. The aswMBR scan didn't show anything wrong with the Master Boot Record.

1. Can you tell me what this program is and did you install it?
¡¶ËÀÍö¿Õ¼ä3¡·ÓÎÏÀ°¿Ï躺»¯ÖÐÎÄÓ²ÅÌ°æ

2. Is your Internet Service Provider Packet One Networks (M) Sdn or P1NETWORKS-MY in Kuala Lumpur, Malaysia?

3. If you still have the AdwCleaner program on the computer please open it and click the Uninstall button  and uninstall the program. If the program is no longer installed delete the C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe file and the C:\AdwCleaner folder.

4. Do you have any AdwCleaner or JRT text logs?

PunkBuster Advice:

There are some Issues with infections in relation to PunkBuster...The computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is no assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.

So my advice would be download the Removal Tool for PunkBuster to the desktop.

  • Right-click on pbsvc.exe and select Run as Administrator.
  • Ensure Un-install/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot(restart) your machine if not prompted to do so.

Once I give the all clear you can use the very same tool for removing PunkBuster Services(pbsvc.exe) to re-install again if you so wish.


Step-1.

otlicon.pngOTL Fix

Please close all open windows and browsers

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
To disable MBAM

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...66B647002239141
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKCU..\Run: [Uddgmedia] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2014/04/06 19:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/04/06 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\IObit
[2014/04/06 19:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/04/08 06:21:28 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/04/08 06:21:27 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/04/08 06:15:21 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013/04/16 22:28:55 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2013/04/16 22:28:55 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013/04/15 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Babylon

:REG

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{BDBBE8FD-D3E8-4C57-80C4-39B7284D5646}C:\windows\kmsemulator.exe" = -
"UDP Query User{0033BAE3-E8FC-4202-90E1-DC7EFA0CF6C4}C:\windows\kmsemulator.exe" = -

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open otlicon.png on your desktop. To do that:

  • Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the customFix.png textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the runFixbutton.png button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the btnOK.png button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my questions above.
2. The OTL fixes log
3. Any AdwCleaner or JRT logs you may have.


  • 0

#7
rav3n82

rav3n82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi godawgs, please find my reply below in red with regards to your question. Unfortunately, I am not with my desktop at the moment. So I won't be able to run the OTL fix you prescribed below. :)

Hi,

Thanks for the logs. The aswMBR scan didn't show anything wrong with the Master Boot Record.

1. Can you tell me what this program is and did you install it?
¡¶ËÀÍö¿Õ¼ä3¡·ÓÎÏÀ°¿Ï躺»¯ÖÐÎÄÓ²ÅÌ°æ

Yes, I installed it. If not mistaken, it was a chinese game. It has not been used for a long time already, so if there is any help I will remove it later.

2. Is your Internet Service Provider Packet One Networks (M) Sdn or P1NETWORKS-MY in Kuala Lumpur, Malaysia?

Yes, correct.

3. If you still have the AdwCleaner program on the computer please open it and click the Uninstall button  and uninstall the program. If the program is no longer installed delete the C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe file and the C:\AdwCleaner folder.

Ok, I will do so.

4. Do you have any AdwCleaner or JRT text logs?

I do. In fact, i have just run it earlier today and removed whatever items it detected. Would it be ok if I still use the "Quote" you provided me below?

PunkBuster Advice:

There are some Issues with infections in relation to PunkBuster...The computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is no assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.

So my advice would be download the Removal Tool for PunkBuster to the desktop.

  • Right-click on pbsvc.exe and select Run as Administrator.
  • Ensure Un-install/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot(restart) your machine if not prompted to do so.

Once I give the all clear you can use the very same tool for removing PunkBuster Services(pbsvc.exe) to re-install again if you so wish.


Step-1.

otlicon.pngOTL Fix

Please close all open windows and browsers

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
To disable MBAM

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...66B647002239141
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKCU..\Run: [Uddgmedia] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell - "" = AutoRun
O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2014/04/06 19:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/04/06 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\IObit
[2014/04/06 19:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/04/08 06:21:28 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/04/08 06:21:27 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/04/08 06:15:21 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013/04/16 22:28:55 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2013/04/16 22:28:55 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013/04/15 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Babylon

:REG

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{BDBBE8FD-D3E8-4C57-80C4-39B7284D5646}C:\windows\kmsemulator.exe" = -
"UDP Query User{0033BAE3-E8FC-4202-90E1-DC7EFA0CF6C4}C:\windows\kmsemulator.exe" = -

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open otlicon.png on your desktop. To do that:

  • Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the customFix.png textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the runFixbutton.png button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the btnOK.png button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my questions above.
2. The OTL fixes log
3. Any AdwCleaner or JRT logs you may have.

 


  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks for the information.
 

4. Do you have any AdwCleaner or JRT text logs?
I do. In fact, i have just run it earlier today and removed whatever items it detected.

Please do not run any fixes on your own or install any software or make any other changes to the system while we are cleaning it unless I ask you to do so.
 

Would it be ok if I still use the "Quote" you provided me below?

I don't know what you mean by this.
 

 


  • 0

#9
rav3n82

rav3n82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thanks for the information.
 

4. Do you have any AdwCleaner or JRT text logs?
I do. In fact, i have just run it earlier today and removed whatever items it detected.

Please do not run any fixes on your own or install any software or make any other changes to the system while we are cleaning it unless I ask you to do so.
 

Would it be ok if I still use the "Quote" you provided me below?

I don't know what you mean by this.
 

 

Noted now with thanks.

 

What I earlier meant was; since I have already run the AdwCleaner and JRT earlier :(, would the fix code you prescribed above still be applicable? The OTL logs that I earlier provided was before I ran the clean.


  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Yes. Please run the fix and post the logs I requested.


  • 0

Advertisements


#11
rav3n82

rav3n82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Yes. Please run the fix and post the logs I requested.

Hi, the RegSvr32 error is still there after running the OTL fix. Anyway, below are the latest logs as requested.

 

Edit: The AdwCleaner and JRT logs are the ones that I have earlier run in the morning (my time).

 

OTL fixes log

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...66B647002239141> in the current context!
Error: Unable to interpret < O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.> in the current context!
Error: Unable to interpret < O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [Uddgmedia] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0> in the current context!
Error: Unable to interpret < O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found> in the current context!
Error: Unable to interpret < O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found> in the current context!
Error: Unable to interpret < O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell\AutoRun\command - "" = G:\Startme.exe> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe> in the current context!
Error: Unable to interpret < [2014/04/06 19:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit> in the current context!
Error: Unable to interpret < [2014/04/06 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\IObit> in the current context!
Error: Unable to interpret < [2014/04/06 19:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit> in the current context!
Error: Unable to interpret < [2014/04/08 06:21:28 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job> in the current context!
Error: Unable to interpret < [2014/04/08 06:21:27 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job> in the current context!
Error: Unable to interpret < [2014/04/08 06:15:21 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe> in the current context!
Error: Unable to interpret < [2013/04/16 22:28:55 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe> in the current context!
Error: Unable to interpret < [2013/04/16 22:28:55 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini> in the current context!
Error: Unable to interpret < [2013/04/15 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Babylon> in the current context!
Error: Unable to interpret < :REG> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]> in the current context!
Error: Unable to interpret < "TCP Query User{BDBBE8FD-D3E8-4C57-80C4-39B7284D5646}C:\windows\kmsemulator.exe" = -> in the current context!
Error: Unable to interpret < "UDP Query User{0033BAE3-E8FC-4202-90E1-DC7EFA0CF6C4}C:\windows\kmsemulator.exe" = -> in the current context!
Error: Unable to interpret < :FILES> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < netsh advfirewall reset /c> in the current context!
Error: Unable to interpret < netsh advfirewall set allprofiles state ON /c> in the current context!
Error: Unable to interpret < :COMMANDS> in the current context!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Teoh Khai Siang
->Temp folder emptied: 3127841 bytes
->Temporary Internet Files folder emptied: 264466076 bytes
->Java cache emptied: 47821 bytes
->Flash cache emptied: 612 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4834 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67758 bytes
RecycleBin emptied: 125434 bytes
 
Total Files Cleaned = 255.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04092014_230244

Files\Folders moved on Reboot...
C:\Users\Teoh Khai Siang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSJK2TKJ\fastbutton[4].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSJK2TKJ\postmessageRelay[2].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQYBDVNS\338409-regsvr32-error-message-on-boot-up-module-failed-to-load[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UE17SMD2\+2480[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UE17SMD2\zrt_lookup[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NO0FFSDO\HardwareQuestions&Answers[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEGP1FXN\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEGP1FXN\si[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEGP1FXN\si[2].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K2VYXEFB\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K2VYXEFB\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K27DSBUX\ads[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K27DSBUX\ads[2].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K27DSBUX\like[2].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AES4M0F8\8n77RrR4jg0[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8CXYFCIA\ads[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8CXYFCIA\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89N45P7R\8n77RrR4jg0[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

AdwCleaner

 

# AdwCleaner v3.023 - Report created 09/04/2014 at 06:37:20
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Teoh Khai Siang - TEOHKHAISIANG
# Running from : C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Teoh Khai Siang\AppData\Roaming\Solvusoft
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\80d88bb269b945
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\PIP
Key Deleted : [x64] HKLM\SOFTWARE\systweak
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

*************************

AdwCleaner[R0].txt - [3396 octets] - [07/04/2014 21:06:27]
AdwCleaner[R1].txt - [2426 octets] - [09/04/2014 06:36:46]
AdwCleaner[S0].txt - [2291 octets] - [09/04/2014 06:37:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2351 octets] ##########

 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Teoh Khai Siang on Wed 04/09/2014 at  6:30:04.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1729804402-3177559583-490602787-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Teoh Khai Siang\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Teoh Khai Siang\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Teoh Khai Siang\appdata\locallow\delta"
Successfully deleted: [Empty Folder] C:\Users\Teoh Khai Siang\appdata\local\{4C9AB525-A89F-42DF-AD36-8A0F29D08669}
Successfully deleted: [Empty Folder] C:\Users\Teoh Khai Siang\appdata\local\{724AAEAC-7058-4CA2-B897-CB31DE57B16B}
Successfully deleted: [Empty Folder] C:\Users\Teoh Khai Siang\appdata\local\{8B556BFF-B18E-42B3-9BD5-F5F2E7384798}
Successfully deleted: [Empty Folder] C:\Users\Teoh Khai Siang\appdata\local\{9B497BC9-795B-497B-8882-A0010FC61F5A}
Successfully deleted: [Empty Folder] C:\Users\Teoh Khai Siang\appdata\local\{A76941C5-484F-4ED1-9D74-6A4A187E5490}
Successfully deleted: [Empty Folder] C:\Users\Teoh Khai Siang\appdata\local\{A89310C3-B735-437D-B92F-78F44195678F}
Successfully deleted: [Empty Folder] C:\Users\Teoh Khai Siang\appdata\local\{BF5DF601-5FA3-4DBE-9B44-E041D412998D}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/09/2014 at  6:34:30.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by rav3n82, 09 April 2014 - 09:18 AM.

  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hello,

It doesn't look like the OTL fix ran. Normally when we get the Error: Unable to interpret messages in front of the lines it indicates that you clicked the Run Scan button instead of the Run FIX button.

Please go back to Setp 1 in post #6 and rerun the fix. Please be sure that you click the Run FIX button.

Post the new OTL fixes log, please.
 


  • 0

#13
rav3n82

rav3n82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hello,

It doesn't look like the OTL fix ran. Normally when we get the Error: Unable to interpret messages in front of the lines it indicates that you clicked the Run Scan button instead of the Run FIX button.

Please go back to Setp 1 in post #6 and rerun the fix. Please be sure that you click the Run FIX button.

Post the new OTL fixes log, please.
 

Hi, I followed the exact steps in Step 1, Post #6 and re-run again the Run FIX, and here are the logs:

 

Edit: If it's of any help, the System Restore settings on my PC is currently turned off.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...66B647002239141> in the current context!
Error: Unable to interpret < O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.> in the current context!
Error: Unable to interpret < O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [Uddgmedia] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0> in the current context!
Error: Unable to interpret < O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found> in the current context!
Error: Unable to interpret < O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found> in the current context!
Error: Unable to interpret < O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret < O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\Shell\AutoRun\command - "" = G:\Startme.exe> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\Shell\AutoRun\command - "" = G:\AutoRun.exe> in the current context!
Error: Unable to interpret < [2014/04/06 19:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit> in the current context!
Error: Unable to interpret < [2014/04/06 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\IObit> in the current context!
Error: Unable to interpret < [2014/04/06 19:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit> in the current context!
Error: Unable to interpret < [2014/04/08 06:21:28 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job> in the current context!
Error: Unable to interpret < [2014/04/08 06:21:27 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job> in the current context!
Error: Unable to interpret < [2014/04/08 06:15:21 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe> in the current context!
Error: Unable to interpret < [2013/04/16 22:28:55 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe> in the current context!
Error: Unable to interpret < [2013/04/16 22:28:55 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini> in the current context!
Error: Unable to interpret < [2013/04/15 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Babylon> in the current context!
Error: Unable to interpret < :REG> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]> in the current context!
Error: Unable to interpret < "TCP Query User{BDBBE8FD-D3E8-4C57-80C4-39B7284D5646}C:\windows\kmsemulator.exe" = -> in the current context!
Error: Unable to interpret < "UDP Query User{0033BAE3-E8FC-4202-90E1-DC7EFA0CF6C4}C:\windows\kmsemulator.exe" = -> in the current context!
Error: Unable to interpret < :FILES> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < netsh advfirewall reset /c> in the current context!
Error: Unable to interpret < netsh advfirewall set allprofiles state ON /c> in the current context!
Error: Unable to interpret < :COMMANDS> in the current context!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Teoh Khai Siang
->Temp folder emptied: 17196 bytes
->Temporary Internet Files folder emptied: 4040078 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04102014_054006

Files\Folders moved on Reboot...
C:\Users\Teoh Khai Siang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Edited by rav3n82, 09 April 2014 - 03:48 PM.

  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks for the info. It appears that something is happening when you copy the text in the OTL fix and then paste in into the text box in OTL. Let's try this a different way.

 

 

otlicon.pngOTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

1. Download the attached Fix.txt file and save it to the desktop.
2. Please re-open otlicon.png on your desktop.
3. Click the runFixbutton.png button.
When prompted with:

No fix has been provided!
Click Ok to load it from a file or Cancel to cancel

4. Click the OK button. A standard file open dialog window will open.
5. Navigate to the desktop. Find the Fix.txt file and click it. That will put it in the File Open box.
6. Click the Open button.
OTL will load the file automatically and the program will run the fix.
7. Let the program run unhindered.
8. OTL may ask to reboot the machine. Please do so if asked.
9. A report will open. Copy and Paste that report in your next reply.
10. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
11. Run OTL again and click the qscan.png button. Post the log it produces in your next reply.

 

 

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.txt log


 

[attachment=70042:Fix.txt]


  • 0

#15
rav3n82

rav3n82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi, for once it appears that the RegSvr32 error was not present after I boot up. :)

 

Here are the logs:

 

OTL fixes

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uddgmedia deleted successfully.
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{471e9465-6a26-11e2-ae3a-002215a9f666}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{471e9465-6a26-11e2-ae3a-002215a9f666}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{471e9465-6a26-11e2-ae3a-002215a9f666}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{471e947f-6a26-11e2-ae3a-002215a9f666}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{471e947f-6a26-11e2-ae3a-002215a9f666}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e26de56e-bb30-11e3-a68f-002215a9f666}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e26de56e-bb30-11e3-a68f-002215a9f666}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e26de56e-bb30-11e3-a68f-002215a9f666}\ not found.
File G:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed2db96b-4e38-11e2-a250-002215a9f666}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed2db96b-4e38-11e2-a250-002215a9f666}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed2db96b-4e38-11e2-a250-002215a9f666}\ not found.
File G:\AutoRun.exe not found.
C:\ProgramData\IObit\Advanced SystemCare V6 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
C:\Users\Teoh Khai Siang\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Teoh Khai Siang\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\Teoh Khai Siang\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\Teoh Khai Siang\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Teoh Khai Siang\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Teoh Khai Siang\AppData\Roaming\IObit folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Boottime folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
C:\Windows\Tasks\AutoKMS.job moved successfully.
C:\Windows\Tasks\AutoKMSDaily.job moved successfully.
C:\Windows\KMSEmulator.exe moved successfully.
C:\Windows\AutoKMS.exe moved successfully.
C:\Windows\AutoKMS.ini moved successfully.
Folder C:\Users\Teoh Khai Siang\AppData\Roaming\Babylon\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BDBBE8FD-D3E8-4C57-80C4-39B7284D5646}C:\windows\kmsemulator.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0033BAE3-E8FC-4202-90E1-DC7EFA0CF6C4}C:\windows\kmsemulator.exe deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Teoh Khai Siang\Desktop\cmd.bat deleted successfully.
C:\Users\Teoh Khai Siang\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Teoh Khai Siang\Desktop\cmd.bat deleted successfully.
C:\Users\Teoh Khai Siang\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Teoh Khai Siang\Desktop\cmd.bat deleted successfully.
C:\Users\Teoh Khai Siang\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Teoh Khai Siang
->Temp folder emptied: 157746 bytes
->Temporary Internet Files folder emptied: 78660957 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 602 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 75.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04112014_061728

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
C:\Users\Teoh Khai Siang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNXP2L8R\fastbutton[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0WOABDG\332258-regsvr32-error-msg-module-failed-to-load-closed-solved[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0WOABDG\338409-regsvr32-error-message-on-boot-up-module-failed-to-load[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0WOABDG\8n77RrR4jg0[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0WOABDG\like[4].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LOD5CUV\like[4].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R6E7T48\8n77RrR4jg0[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R6E7T48\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R6E7T48\fastbutton[1].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R6E7T48\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R6E7T48\postmessageRelay[2].htm moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R6E7T48\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R6E7T48\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Teoh Khai Siang\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

OTL.txt

 

OTL logfile created on: 4/11/2014 6:24:52 AM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Teoh Khai Siang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.48% Memory free
15.95 Gb Paging File | 14.11 Gb Available in Paging File | 88.46% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 63.88 Gb Free Space | 57.20% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 407.55 Gb Free Space | 43.75% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 492.53 Gb Free Space | 52.87% Space Free | Partition Type: NTFS
 
Computer Name: TEOHKHAISIANG | User Name: Teoh Khai Siang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/07 11:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Teoh Khai Siang\Desktop\OTL.exe
PRC - [2014/04/06 16:51:38 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/06 16:51:38 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/07 13:39:00 | 000,444,760 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2014/02/05 17:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 17:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/28 17:56:24 | 000,733,184 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
PRC - [2013/02/05 10:10:48 | 000,581,624 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
PRC - [2013/02/05 10:10:46 | 000,046,072 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
PRC - [2012/12/24 10:25:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/10/25 16:19:46 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
PRC - [2012/09/18 15:41:02 | 000,191,488 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
PRC - [2012/05/31 16:11:02 | 000,065,296 | ---- | M] (Greatis Software, LLC) -- C:\Program Files (x86)\BootRacer\BootRacerServ.exe
PRC - [2012/02/15 00:39:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/13 21:42:33 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/13 21:42:17 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/13 21:42:16 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/13 21:42:16 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/02/13 21:30:32 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/13 21:30:23 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/13 21:30:22 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/13 21:30:19 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/13 21:30:18 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/13 21:30:18 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/13 21:30:17 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/13 21:30:16 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/13 21:30:16 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/13 21:30:16 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/13 21:30:15 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/13 21:30:15 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/13 21:30:14 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/13 21:30:14 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/13 21:30:14 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 21:30:10 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/11/23 12:31:58 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/06/28 17:56:24 | 000,733,184 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
MOD - [2013/02/05 10:11:18 | 000,465,824 | ---- | M] () -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
MOD - [2012/10/25 16:19:46 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
MOD - [2012/10/25 16:19:44 | 001,411,072 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
MOD - [2012/10/25 16:19:34 | 000,293,376 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
MOD - [2012/10/25 16:19:34 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
MOD - [2012/09/18 15:41:02 | 000,191,488 | ---- | M] () -- C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
MOD - [2012/02/15 07:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/06 16:51:38 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/01 12:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/05 17:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/06 01:53:46 | 000,170,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV - [2014/03/15 17:36:17 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/28 02:41:42 | 000,520,416 | ---- | M] (Futuremark) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2014/02/05 17:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/12 06:08:26 | 000,903,456 | ---- | M] (Cloud Engines, Inc.) [Auto | Running] -- C:\Program Files (x86)\PogoplugPC\hbadmin.exe -- (HBAdmin)
SRV - [2013/02/05 10:10:46 | 000,046,072 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/24 10:25:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/31 16:11:02 | 000,065,296 | ---- | M] (Greatis Software, LLC) [Auto | Running] -- C:\Program Files (x86)\BootRacer\BootRacerServ.exe -- (BootRacerServ)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/06 16:51:39 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/06 16:51:39 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/06 16:51:39 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/06 16:51:39 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/06 16:51:39 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/06 16:51:39 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/06 16:51:39 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/03 21:39:20 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2014/04/03 21:39:20 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/28 02:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/15 14:37:16 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013/11/15 14:37:14 | 000,149,160 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/10/28 01:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/03/01 03:58:14 | 000,039,712 | ---- | M] (Cloud Engines, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xcetap0.sys -- (xcetap0)
DRV:64bit: - [2012/10/29 08:21:40 | 000,990,864 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/10/03 06:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012/08/11 06:44:16 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/14 15:24:16 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KYEKBPRO.sys -- (KYEKBPRO)
DRV:64bit: - [2011/04/20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/11/24 09:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 09:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn....MY&dcc=MY&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 65 F6 DA 29 3A CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
 
[2013/04/15 22:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2013/07/11 22:52:17 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 acdid.acdsystems.com
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [ghost] C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [Tilt] C:\Users\Teoh Khai Siang\My Documents\GIGABYTE\AIVIA GHOST\Tilt.exe ()
O4 - HKCU..\Run: [PogoplugPC] C:\Program Files (x86)\PogoplugPC\ppserver.exe (Cloud Engines, Inc.)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BootRacer = "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2 (Greatis Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 122.255.99.236 122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07ECC0F9-3973-4025-855B-BD41068A541E}: DhcpNameServer = 122.255.99.236 122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07ECC0F9-3973-4025-855B-BD41068A541E}: NameServer = 122.255.99.236,122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{656E27BD-FBE5-4DD7-A093-63FAC2420158}: DhcpNameServer = 122.255.99.236 122.255.99.228
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/09 23:02:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/09 06:30:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/08 21:07:23 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2014/04/08 21:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2014/04/08 20:52:29 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Teoh Khai Siang\Desktop\aswmbr.exe
[2014/04/08 06:19:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/07 21:28:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/07 21:09:20 | 002,157,056 | ---- | C] (Farbar) -- C:\Users\Teoh Khai Siang\Desktop\FRST64.exe
[2014/04/07 21:09:19 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Teoh Khai Siang\Desktop\JRT.exe
[2014/04/07 21:08:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Teoh Khai Siang\Desktop\OTL.exe
[2014/04/07 21:06:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/06 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Apple Computer
[2014/04/06 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinThruster
[2014/04/06 16:51:39 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/04 06:44:04 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\.mono
[2014/04/04 06:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2014/04/03 21:39:20 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2014/04/03 21:39:20 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2014/04/03 21:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Mobile
[2014/04/03 21:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Mobile
[2014/04/03 21:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2014/04/03 21:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2014/04/03 21:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2014/04/02 23:41:00 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\Blizzard Entertainment
[2014/04/02 23:40:52 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Battle.net
[2014/04/02 23:40:52 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\Battle.net
[2014/04/02 23:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014/03/30 16:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2014/03/25 21:56:26 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Malwarebytes
[2014/03/25 21:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/25 21:56:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/25 21:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/25 21:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/25 21:48:32 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\Documents\Thief
[2014/03/22 20:47:55 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\NVIDIA
[2014/03/22 20:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/03/22 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\NVIDIA
[2014/03/22 20:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014/03/22 20:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/03/22 20:45:18 | 000,062,408 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/03/22 20:45:18 | 000,054,216 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/03/22 20:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/03/22 19:57:57 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZOTAC FireStorm
[2014/03/15 17:08:18 | 000,000,000 | ---D | C] -- C:\Users\Teoh Khai Siang\AppData\Local\Uddgmedia
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/11 06:24:15 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/11 06:24:15 | 000,662,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/11 06:24:15 | 000,121,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/11 06:20:08 | 000,000,407 | ---- | M] () -- C:\Users\Public\Documents\bootracer.ini
[2014/04/11 06:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/11 06:19:03 | 000,029,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/11 06:19:03 | 000,029,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/10 23:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/08 12:46:18 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Teoh Khai Siang\Desktop\aswmbr.exe
[2014/04/08 06:21:26 | 000,319,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/07 23:35:02 | 000,000,330 | ---- | M] () -- C:\Users\Teoh Khai Siang\Documents\Preset 0.mbcfg
[2014/04/07 14:54:48 | 001,426,178 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
[2014/04/07 14:02:26 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Teoh Khai Siang\Desktop\JRT.exe
[2014/04/07 13:56:10 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\Teoh Khai Siang\Desktop\FRST64.exe
[2014/04/07 11:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Teoh Khai Siang\Desktop\OTL.exe
[2014/04/06 20:19:23 | 000,000,533 | ---- | M] () -- C:\Users\Public\Desktop\Deus Ex The Fall.lnk
[2014/04/06 18:01:53 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/06 16:51:39 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 16:51:39 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 16:51:39 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/06 16:51:39 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 16:51:39 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 16:51:39 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/04/06 16:51:39 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 16:51:39 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 16:51:39 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/03 23:50:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2014/04/03 23:50:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2014/04/03 21:39:20 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2014/04/03 21:39:20 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2014/04/03 21:34:07 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/04/02 23:18:14 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/03/30 17:07:25 | 000,000,022 | ---- | M] () -- C:\Windows\GPU-Z.INI
[2014/03/30 16:48:23 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\3DMark.lnk
[2014/03/27 21:59:20 | 002,712,576 | ---- | M] () -- C:\Users\Teoh Khai Siang\AppData\Local\file__0.localstorage
[2014/03/25 21:57:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/25 21:56:42 | 000,001,328 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\Thief.lnk
[2014/03/23 20:15:40 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2014/03/22 20:46:10 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/03/22 19:58:06 | 000,001,991 | ---- | M] () -- C:\Users\Teoh Khai Siang\Desktop\ZOTAC FireStorm.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/07 21:06:14 | 001,426,178 | ---- | C] () -- C:\Users\Teoh Khai Siang\Desktop\AdwCleaner.exe
[2014/04/06 20:19:23 | 000,000,533 | ---- | C] () -- C:\Users\Public\Desktop\Deus Ex The Fall.lnk
[2014/04/06 20:19:23 | 000,000,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus Ex The Fall.lnk
[2014/04/03 23:50:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2014/04/03 23:50:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2014/04/03 21:34:07 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/04/02 23:18:14 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014/03/25 21:56:42 | 000,001,328 | ---- | C] () -- C:\Users\Teoh Khai Siang\Desktop\Thief.lnk
[2014/03/25 21:56:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 20:46:10 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014/03/22 20:45:25 | 003,649,185 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/03/22 20:44:44 | 000,024,544 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014/03/22 19:58:06 | 000,001,991 | ---- | C] () -- C:\Users\Teoh Khai Siang\Desktop\ZOTAC FireStorm.lnk
[2014/02/14 22:20:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/11 19:10:48 | 000,007,602 | ---- | C] () -- C:\Users\Teoh Khai Siang\AppData\Local\Resmon.ResmonCfg
[2013/12/11 17:44:33 | 000,000,000 | -HS- | C] () -- C:\Users\Teoh Khai Siang\AppData\Local\LumaEmu
[2013/07/24 22:22:30 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI
[2013/07/05 23:47:52 | 000,000,624 | ---- | C] () -- C:\Users\Teoh Khai Siang\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012/12/26 23:39:02 | 002,712,576 | ---- | C] () -- C:\Users\Teoh Khai Siang\AppData\Local\file__0.localstorage
[2012/12/26 19:35:27 | 000,773,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/24 10:25:30 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/24 10:25:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/23 00:10:32 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2012/12/22 23:53:35 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/04 06:44:04 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\.mono
[2013/07/11 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\ACD Systems
[2013/11/23 12:23:58 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\AVAST Software
[2014/04/02 23:53:42 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Battle.net
[2013/02/28 23:07:10 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Crysis 3
[2014/01/04 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Injustice
[2012/12/22 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\Leadertech
[2013/12/09 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\library_dir
[2013/08/06 22:49:07 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\MKKE
[2013/07/23 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk
[2013/06/20 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\SanDisk SecureAccess
[2013/09/14 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\The Creative Assembly
[2013/08/15 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Teoh Khai Siang\AppData\Roaming\TP-LINK
 
========== Purity Check ==========
 
 

< End of report >

 


  • 0






Similar Topics


Also tagged with one or more of these keywords: regsvr32, module failed to load

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP