
I have so many SVHOST.EXE..



#1
rhomel

Untitled.jpg

OTL logfile created on: 8/7/2012 6:55:48 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Rhomel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 45.10% Memory free
7.78 Gb Paging File | 5.23 Gb Available in Paging File | 67.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 405.67 Gb Total Space | 352.78 Gb Free Space | 86.96% Space Free | Partition Type: NTFS
Drive D: | 292.87 Gb Total Space | 240.01 Gb Free Space | 81.95% Space Free | Partition Type: NTFS

Computer Name: RHOMEL-PC | User Name: Rhomel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rhomel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Connectify\Connectifyd.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\USB Disk Security\USBGuard.exe (AbeGunnerZ Lab)
PRC - C:\Program Files (x86)\netcut\services\aips.exe (Arcai.com)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\libglesv2.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\libegl.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (NitroDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (gogoc) -- C:\Program Files\gogo6\gogoCLIENT\gogoc.exe (gogo6, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (AIPS) -- C:\Program Files (x86)\netcut\services\aips.exe (Arcai.com)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (NILM License Manager) -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (cnnctfy2) -- C:\Windows\SysNative\drivers\cnnctfy2.sys (Connectify)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (ssudserd) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\drivers\RtsBaStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AsusVBus) -- C:\Windows\SysNative\drivers\AsusVBus.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AsusVTouch) -- C:\Windows\SysNative\drivers\AsusVTouch.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (gogoTunnelDevice) -- C:\Windows\SysNative\drivers\gogotun.sys (gogo6 Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-07-07 20:58:41&v=11.1.0.12&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-07-07 20:58:41&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....h?fr=mkg030&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mkg030&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Rhomel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rhomel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rhomel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/08 18:27:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 17:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/18 20:41:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Rhomel\AppData\Roaming\IDM\idmmzcc5 [2012/08/07 10:35:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Rhomel\AppData\Roaming\IDM\idmmzcc5 [2012/08/07 10:35:40 | 000,000,000 | ---D | M]

[2012/06/28 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rhomel\AppData\Roaming\Mozilla\Extensions
[2012/07/01 23:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rhomel\AppData\Roaming\Mozilla\Firefox\Profiles\a1fd0z6f.default\extensions
[2012/07/17 16:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/17 16:37:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/08 18:27:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/08/07 10:35:40 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\RHOMEL\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/07/19 17:24:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2010/05/25 12:43:16 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2012/06/23 18:20:16 | 000,033,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012/07/07 20:58:34 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/19 17:24:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/19 17:24:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Premium Cookie Injector (Multi-Server) = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglhnookgghcefjamdoakhhfamnhodpd\1.4_0\
CHR - Extension: avast! WebRep = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Skype Click to Call = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.5.0_0\
CHR - Extension: Gmail = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/21 22:29:03 | 000,000,865 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 updates.connectify.me
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe (AbeGunnerZ Lab)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{212C1621-DD63-4548-A3DB-6CCE1E4C8CE5}: NameServer = 192.168.31.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F5612C4-53DA-48D5-8000-D4F4661D4DC4}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E156B9CC-8764-4C61-80EF-0B9709EFD6CE}: DhcpNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F721C091-B959-4759-AB9C-32F30D02584B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bbff264-c150-11e1-8d7d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbff264-c150-11e1-8d7d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe
O33 - MountPoints2\{81dd5171-c6ca-11e1-8e2c-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{81dd5171-c6ca-11e1-8e2c-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bdd3b8a3-db5d-11e1-a988-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd3b8a3-db5d-11e1-a988-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c977f6b5-c2ef-11e1-b6d0-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{c977f6b5-c2ef-11e1-b6d0-94dbc9ab461d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c977f6d9-c2ef-11e1-b6d0-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{c977f6d9-c2ef-11e1-b6d0-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dd93d89f-d5bb-11e1-becd-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{dd93d89f-d5bb-11e1-becd-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{ea93573f-d66f-11e1-9422-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{ea93573f-d66f-11e1-9422-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 18:53:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rhomel\Desktop\OTL.exe
[2012/08/07 11:52:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSIP
[2012/08/07 10:35:35 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\IDM
[2012/08/06 16:07:09 | 000,000,000 | R--D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/08/04 20:58:04 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/08/03 02:30:28 | 000,158,944 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/08/02 07:26:12 | 000,000,000 | R--D | C] -- C:\Users\Rhomel\Documents\Notes
[2012/07/31 16:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/07/31 16:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/07/31 16:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
[2012/07/31 16:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\netcut
[2012/07/31 06:51:03 | 000,035,680 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012/07/31 06:51:03 | 000,029,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012/07/30 22:56:30 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\HonLauncher
[2012/07/30 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Chromium
[2012/07/30 20:55:07 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\Heroes of Newerth (Garena)
[2012/07/30 20:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GarenaHoN
[2012/07/30 19:01:07 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Garena
[2012/07/29 20:50:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/29 18:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gogo6
[2012/07/29 18:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\gogo6
[2012/07/29 15:26:10 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\com.prezi.PreziDesktop
[2012/07/27 00:50:18 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canopy
[2012/07/27 00:50:10 | 000,000,000 | ---D | C] -- C:\Canopy
[2012/07/27 00:50:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2012/07/27 00:49:53 | 000,000,000 | -H-D | C] -- C:\Users\Rhomel\InstallAnywhere
[2012/07/25 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/07/25 19:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/07/25 08:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sun Broadband Wireless
[2012/07/24 16:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disktrix
[2012/07/24 16:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disktrix
[2012/07/24 11:42:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2012/07/23 23:12:40 | 000,000,000 | ---D | C] -- C:\Temp
[2012/07/23 23:06:08 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudserd.sys
[2012/07/23 23:06:08 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/07/23 23:06:08 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/07/23 22:51:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/23 22:49:08 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Samsung
[2012/07/23 22:48:58 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Samsung
[2012/07/23 22:48:55 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\samsung
[2012/07/23 22:47:29 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012/07/23 22:47:29 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/07/23 22:47:28 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012/07/23 22:47:28 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012/07/23 22:47:28 | 000,146,920 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadserd.sys
[2012/07/23 22:47:28 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012/07/23 22:47:28 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012/07/23 22:47:28 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/07/23 22:46:52 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2012/07/23 22:46:52 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2012/07/23 22:46:52 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2012/07/23 22:46:52 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2012/07/23 22:46:52 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2012/07/23 22:46:52 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2012/07/23 22:46:52 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2012/07/23 22:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/07/23 22:45:42 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/07/23 22:45:28 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012/07/23 22:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/07/23 22:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/07/23 22:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/07/23 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Downloaded Installations
[2012/07/22 00:30:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/22 00:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012/07/22 00:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012/07/22 00:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2012/07/21 23:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UX Pack
[2012/07/21 23:32:22 | 000,000,000 | ---D | C] -- C:\UXFiles
[2012/07/21 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\SkinSoft
[2012/07/21 01:02:03 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012/07/20 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Unified Remote
[2012/07/20 18:57:37 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unified Remote
[2012/07/20 18:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unified Remote
[2012/07/20 18:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/07/20 18:38:42 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2012/07/20 18:38:42 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012/07/20 18:38:42 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012/07/20 18:38:42 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012/07/20 18:38:39 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll
[2012/07/20 18:38:30 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2012/07/19 23:52:34 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/07/19 23:52:34 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/07/19 23:52:34 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/07/19 23:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/07/19 23:52:11 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\TuneUp Software
[2012/07/19 23:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/07/19 23:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/07/19 23:51:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/07/19 17:08:15 | 010,235,904 | ---- | C] (AutoDWG) -- C:\Windows\SysWow64\PDF2DWG.dll
[2012/07/19 17:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoDWG
[2012/07/19 17:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoDWG
[2012/07/19 00:03:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Shared Memory
[2012/07/18 22:52:32 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\[email protected]
[2012/07/18 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2012/07/18 20:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/07/18 20:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/07/18 20:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/07/18 00:09:36 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/18 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/07/18 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/07/17 22:24:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2012/07/17 22:24:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2012/07/17 21:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/07/17 21:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/17 21:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/07/17 19:11:31 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Temp
[2012/07/17 19:11:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/17 17:51:02 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\ParetoLogic
[2012/07/17 17:51:02 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\DriverCure
[2012/07/17 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2012/07/17 17:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/07/17 17:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/07/17 17:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2012/07/17 17:20:24 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Malwarebytes
[2012/07/17 17:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/17 17:20:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/17 17:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/17 17:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Skype
[2012/07/17 16:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/07/17 16:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/07/17 16:35:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/07/17 16:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/07/15 16:57:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2012/07/15 12:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skin Pack
[2012/07/15 12:42:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MetroClock
[2012/07/15 12:13:31 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Diagnostics
[2012/07/15 12:05:34 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Labcenter Electronics
[2012/07/15 12:05:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Data Sheets
[2012/07/15 05:35:44 | 001,048,576 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL
[2012/07/15 05:35:44 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL
[2012/07/15 05:35:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Labcenter Electronics
[2012/07/15 03:04:45 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\PTC
[2012/07/15 03:04:42 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Mathsoft
[2012/07/15 03:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PTC
[2012/07/15 03:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PTC
[2012/07/15 03:00:22 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Mathsoft
[2012/07/15 02:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mathcad
[2012/07/15 02:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSXML 4.0
[2012/07/15 02:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/07/15 00:51:45 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/15 00:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/15 00:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/07/15 00:49:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/07/15 00:49:09 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/07/15 00:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series
[2012/07/15 00:48:47 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/07/15 00:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DipTrace
[2012/07/15 00:41:22 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\DipTrace
[2012/07/15 00:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DipTrace
[2012/07/15 00:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DipTrace
[2012/07/14 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\ShamurShamur
[2012/07/13 16:31:54 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\CrashDumps
[2012/07/12 23:13:00 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Notepad++
[2012/07/12 23:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/07/12 15:40:33 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/07/11 23:52:11 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\GarenaPlus
[2012/07/11 23:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012/07/11 23:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012/07/11 20:53:46 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\.VirtualBox
[2012/07/11 20:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/07/11 20:53:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/07/11 20:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/11 10:07:10 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\OneNote Notebooks
[2012/07/09 21:38:32 | 000,000,000 | R--D | C] -- C:\Users\Rhomel\AppData\Roaming\Brother
[2012/07/08 23:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2012/07/08 23:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother

========== Files - Modified Within 30 Days ==========

[2012/08/07 18:53:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rhomel\Desktop\OTL.exe
[2012/08/07 18:51:10 | 000,257,431 | ---- | M] () -- C:\Users\Rhomel\Desktop\Untitled.jpg
[2012/08/07 17:18:40 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/08/07 17:18:40 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/08/07 10:43:36 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 10:43:36 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 10:35:52 | 000,000,380 | ---- | M] () -- C:\Users\Rhomel\AppData\Roaming\sp_data.sys
[2012/08/07 10:35:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 10:35:18 | 3131,490,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 02:34:00 | 000,000,030 | ---- | M] () -- C:\0.bak
[2012/08/06 22:30:17 | 000,000,521 | ---- | M] () -- C:\0
[2012/08/06 11:26:28 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/06 11:26:28 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/06 11:26:28 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/04 20:58:04 | 000,000,219 | ---- | M] () -- C:\Users\Rhomel\Desktop\Dota 2.url
[2012/08/04 13:17:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 17:23:14 | 000,158,944 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/08/01 05:27:07 | 000,002,162 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/08/01 05:25:53 | 000,002,388 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/07/31 17:15:00 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/31 16:46:30 | 000,704,512 | ---- | M] () -- C:\Windows\is-RODFQ.exe
[2012/07/31 16:46:30 | 000,010,498 | ---- | M] () -- C:\Windows\is-RODFQ.msg
[2012/07/31 16:46:30 | 000,001,003 | ---- | M] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Arcai.com's NetCut.lnk
[2012/07/31 16:46:30 | 000,000,213 | ---- | M] () -- C:\Windows\is-RODFQ.lst
[2012/07/30 20:52:24 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Newerth.lnk
[2012/07/28 06:27:50 | 000,028,786 | ---- | M] () -- C:\Users\Rhomel\Documents\Drawing1_recover000.dwg
[2012/07/28 06:15:53 | 000,819,727 | ---- | M] () -- C:\Users\Rhomel\Documents\Drawing1_recover.dwg
[2012/07/27 23:26:06 | 000,000,202 | -H-- | M] () -- C:\Users\Rhomel\Documents\Drawing1.dwl2
[2012/07/27 23:26:06 | 000,000,052 | -H-- | M] () -- C:\Users\Rhomel\Documents\Drawing1.dwl
[2012/07/27 00:50:18 | 000,001,659 | ---- | M] () -- C:\Users\Rhomel\Desktop\Network Updater.lnk
[2012/07/27 00:31:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/23 23:11:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/07/23 22:57:03 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/23 22:48:45 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/07/23 22:45:47 | 000,001,977 | ---- | M] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/07/22 01:32:54 | 000,000,180 | ---- | M] () -- C:\Windows\dotahotkeys.ini
[2012/07/21 23:32:45 | 006,912,054 | ---- | M] () -- C:\Windows\clwcp.bmp
[2012/07/21 22:29:03 | 000,000,865 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/21 22:14:22 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/07/20 18:39:31 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08b.dat
[2012/07/20 18:39:28 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/07/20 18:39:28 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012/07/19 23:52:19 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/19 23:52:19 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/07/18 22:36:50 | 000,002,681 | ---- | M] () -- C:\Users\Rhomel\Desktop\AutoCAD 2013 - English.lnk
[2012/07/18 21:10:45 | 000,002,937 | ---- | M] () -- C:\Users\Rhomel\Desktop\PowerPoint 2013.lnk
[2012/07/18 21:10:41 | 000,003,021 | ---- | M] () -- C:\Users\Rhomel\Desktop\Word 2013.lnk
[2012/07/17 20:52:39 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2012/07/17 19:29:52 | 000,000,105 | ---- | M] () -- C:\Windows\SysNative\FastBoot.ini
[2012/07/17 19:27:05 | 000,002,408 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Imperial).lnk
[2012/07/17 19:27:05 | 000,002,404 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Metric).lnk
[2012/07/17 19:27:05 | 000,002,398 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (Global).lnk
[2012/07/17 17:50:56 | 000,001,182 | ---- | M] () -- C:\Users\Rhomel\Desktop\RegCure Pro.lnk
[2012/07/16 00:51:09 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012/07/15 02:59:10 | 000,002,050 | ---- | M] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mathcad 15.lnk
[2012/07/15 02:59:10 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Mathcad 15.lnk
[2012/07/13 12:32:33 | 000,045,663 | ---- | M] () -- C:\Users\Rhomel\Documents\lancet window.dwg
[2012/07/12 00:17:45 | 000,045,270 | ---- | M] () -- C:\Users\Rhomel\AppData\Roaming\room_v3.dat
[2012/07/11 20:51:16 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/07/11 20:51:16 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml

========== Files Created - No Company Name ==========

[2012/08/07 17:18:40 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/08/07 12:13:59 | 000,257,431 | ---- | C] () -- C:\Users\Rhomel\Desktop\Untitled.jpg
[2012/08/07 02:34:00 | 000,000,030 | ---- | C] () -- C:\0.bak
[2012/08/04 20:58:04 | 000,000,219 | ---- | C] () -- C:\Users\Rhomel\Desktop\Dota 2.url
[2012/07/31 16:46:30 | 000,704,512 | ---- | C] () -- C:\Windows\is-RODFQ.exe
[2012/07/31 16:46:30 | 000,010,498 | ---- | C] () -- C:\Windows\is-RODFQ.msg
[2012/07/31 16:46:30 | 000,001,003 | ---- | C] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Arcai.com's NetCut.lnk
[2012/07/31 16:46:30 | 000,000,213 | ---- | C] () -- C:\Windows\is-RODFQ.lst
[2012/07/31 16:46:29 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2012/07/30 20:52:24 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Newerth.lnk
[2012/07/28 06:27:50 | 000,028,786 | ---- | C] () -- C:\Users\Rhomel\Documents\Drawing1_recover000.dwg
[2012/07/28 06:15:53 | 000,819,727 | ---- | C] () -- C:\Users\Rhomel\Documents\Drawing1_recover.dwg
[2012/07/27 23:26:06 | 000,000,202 | -H-- | C] () -- C:\Users\Rhomel\Documents\Drawing1.dwl2
[2012/07/27 23:26:06 | 000,000,052 | -H-- | C] () -- C:\Users\Rhomel\Documents\Drawing1.dwl
[2012/07/27 00:50:18 | 000,001,659 | ---- | C] () -- C:\Users\Rhomel\Desktop\Network Updater.lnk
[2012/07/23 23:11:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/07/23 22:48:45 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/07/23 22:45:47 | 000,001,977 | ---- | C] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/07/22 01:32:54 | 000,000,180 | ---- | C] () -- C:\Windows\dotahotkeys.ini
[2012/07/21 23:32:45 | 006,912,054 | ---- | C] () -- C:\Windows\clwcp.bmp
[2012/07/21 23:32:26 | 000,517,120 | ---- | C] () -- C:\Windows\SysWow64\CLWCP.exe
[2012/07/21 23:32:25 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012/07/19 23:52:19 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/19 23:52:19 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/07/19 23:52:19 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/07/19 17:08:14 | 000,925,696 | ---- | C] () -- C:\Windows\SysWow64\AxEImage.dll
[2012/07/19 17:08:14 | 000,663,552 | ---- | C] () -- C:\Windows\SysWow64\FreeImage.dll
[2012/07/18 22:36:50 | 000,002,681 | ---- | C] () -- C:\Users\Rhomel\Desktop\AutoCAD 2013 - English.lnk
[2012/07/18 21:10:45 | 000,002,937 | ---- | C] () -- C:\Users\Rhomel\Desktop\PowerPoint 2013.lnk
[2012/07/18 21:10:41 | 000,003,021 | ---- | C] () -- C:\Users\Rhomel\Desktop\Word 2013.lnk
[2012/07/18 00:09:34 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/07/17 21:58:51 | 002,587,633 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/07/17 21:57:00 | 000,012,780 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/07/17 21:45:13 | 000,000,380 | ---- | C] () -- C:\Users\Rhomel\AppData\Roaming\sp_data.sys
[2012/07/17 19:27:05 | 000,002,408 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Imperial).lnk
[2012/07/17 19:27:05 | 000,002,404 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Metric).lnk
[2012/07/17 19:27:05 | 000,002,398 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (Global).lnk
[2012/07/17 17:50:56 | 000,001,182 | ---- | C] () -- C:\Users\Rhomel\Desktop\RegCure Pro.lnk
[2012/07/17 17:50:56 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/07/17 17:50:53 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\RegCure Pro.job
[2012/07/16 00:48:04 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012/07/15 02:59:10 | 000,002,050 | ---- | C] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mathcad 15.lnk
[2012/07/15 02:59:10 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Mathcad 15.lnk
[2012/07/13 11:55:24 | 000,045,663 | ---- | C] () -- C:\Users\Rhomel\Documents\lancet window.dwg
[2012/07/12 00:17:45 | 000,045,270 | ---- | C] () -- C:\Users\Rhomel\AppData\Roaming\room_v3.dat
[2012/07/11 20:50:12 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/07/11 20:50:12 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/07/08 23:03:10 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/07/08 23:03:10 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/07/08 23:02:13 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bridf08b.dat
[2012/06/28 13:24:48 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/28 11:50:39 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/06/28 11:50:39 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/06/28 11:50:39 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/06/28 11:50:39 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== LOP Check ==========

[2012/06/30 00:21:09 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\(F8-D0-BD-3B-A0-6D)
[2012/07/07 08:18:37 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Autodesk
[2012/07/18 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/29 15:26:10 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\com.prezi.PreziDesktop
[2012/07/15 04:28:54 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\DAEMON Tools Pro
[2012/08/07 17:21:59 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\DMCache
[2012/07/04 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Downloaded Installations
[2012/07/17 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\DriverCure
[2012/08/03 23:28:44 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\GarenaPlus
[2012/08/07 18:49:19 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\IDM
[2012/07/08 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\ImgBurn
[2012/07/15 03:00:22 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Mathsoft
[2012/07/06 15:21:15 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\National Instruments
[2012/08/02 04:02:47 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Nitro PDF
[2012/08/02 23:56:15 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Notepad++
[2012/07/17 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\ParetoLogic
[2012/07/15 03:04:45 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\PTC
[2012/07/23 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Samsung
[2012/08/07 02:34:08 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\TeraCopy
[2012/07/31 06:49:45 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\TuneUp Software
[2012/07/20 18:57:56 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Unified Remote
[2012/08/07 18:49:19 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\uTorrent
[2012/07/04 22:23:54 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Zbshareware Lab
[2012/07/05 13:02:47 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000Core.job
[2012/07/05 13:02:47 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000UA.job
[2012/06/29 03:54:32 | 000,000,828 | ---- | M] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012/06/29 03:54:32 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012/08/07 17:18:40 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
[2012/08/07 17:18:40 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012/07/17 20:52:39 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\RegCure Pro.job
[2012/07/20 19:23:46 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >


OTL Extras logfile created on: 8/7/2012 6:55:48 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Rhomel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 45.10% Memory free
7.78 Gb Paging File | 5.23 Gb Available in Paging File | 67.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 405.67 Gb Total Space | 352.78 Gb Free Space | 86.96% Space Free | Partition Type: NTFS
Drive D: | 292.87 Gb Total Space | 240.01 Gb Free Space | 81.95% Space Free | Partition Type: NTFS

Computer Name: RHOMEL-PC | User Name: Rhomel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078BD67F-4FF3-4A76-8D17-79CF786C5764}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0AA87542-211A-410D-A699-B5E5A6BC8197}" = lport=6113 | protocol=17 | dir=in | name=ghb1 |
"{19202CD2-C614-488D-9F74-D4B8BD239546}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{1A11A615-089E-4792-B9A6-A95FA8FE8630}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2BCD9AAF-D8AB-4F82-B935-2EA80BD0C51E}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{35D8E5F6-6A7C-48AB-9AE7-E7891B413812}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3AC3C4EB-DC59-4015-852A-53FB64F4CB67}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"{3B6E311C-F4C3-4D5F-BDF7-F90544A994AF}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{3FA30321-E634-4A89-9984-B84845353DD3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{45E1E37B-1791-49A1-98E2-8C5478070063}" = rport=445 | protocol=6 | dir=out | app=system |
"{47F360ED-A630-4DE4-B7CF-E2C8BB38F6CD}" = rport=2869 | protocol=6 | dir=out | app=system |
"{4A128486-AA5D-461F-ADA9-49BCB5337AC1}" = lport=445 | protocol=6 | dir=in | app=system |
"{52769687-9866-4B48-9D81-52A00BB678DF}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{55115BE9-9E68-4E46-9B38-92BE8186F584}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{629015DF-E03C-4AA8-AC76-6678240EAB4B}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{770FA037-E428-4578-90D4-BEE4930ABEA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81F91416-9048-47EB-BCDB-105388F0514F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8CB0004B-F88D-4BAA-AC7F-4271DF2BB4FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9063B563-2978-407C-B251-30E35EE21905}" = lport=139 | protocol=6 | dir=in | app=system |
"{91E82E47-E5CA-4BFA-9303-24DC1C94EF2B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{968EDC61-9851-405E-8BBD-1F0D8EB98C7E}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{9754E279-A4DE-46C8-81CF-4CAA009EECE0}" = rport=138 | protocol=17 | dir=out | app=system |
"{97A7218E-F163-463F-9FE0-77D4CE7FF59B}" = lport=6114 | protocol=17 | dir=in | name=ghb3 |
"{9F42501E-B182-4243-AB58-18B4A5407F87}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{A1CAC11D-94EA-47EB-8926-87D738622E1C}" = lport=138 | protocol=17 | dir=in | app=system |
"{ADD2338B-A595-4A1E-91B8-9464B98AB890}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{B3097DD3-0344-48AC-A676-11D6DF18205D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8CC7E80-D729-44E0-9A7F-40337B438AEA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C088C246-AFE4-4C30-AC22-29C711643FC3}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{C27E4107-35C9-4AD0-A872-D7C26004CF6C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D11A2926-987A-430E-ABB8-BF6525147FC2}" = lport=6113 | protocol=6 | dir=in | name=ghb |
"{D205065C-B7A2-4A3D-A07F-F0282A85CBF8}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{D317EECB-57EA-4D4D-AD89-3CFA3F954D6D}" = lport=137 | protocol=17 | dir=in | app=system |
"{D39BAB8C-0538-4563-A675-C1E382B6F216}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D862DDF2-8ECC-4A40-9E32-862FDBD9EB6C}" = rport=137 | protocol=17 | dir=out | app=system |
"{D87D5A4E-4820-4D12-B0AB-B992F259F7AF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{E80E75AC-652B-4052-803E-292F370F7D3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F47D35C7-8664-4D07-ABBC-E77C6CED7B69}" = rport=139 | protocol=6 | dir=out | app=system |
"{FE5C8413-0730-4D94-9B69-6E6213F3E8D8}" = lport=6114 | protocol=6 | dir=in | name=ghb2 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0846CDCF-E958-441A-BAD3-04054E8DE265}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{121DB783-E878-421C-B25F-5FEB0E5313AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{1D18A91B-EA28-41E8-BD1C-64316650A143}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{2A50DE3B-870F-44CC-9552-0A2B43D29014}" = protocol=17 | dir=in | app=c:\program files (x86)\e-games\pointblank\pointblank.exe |
"{37CCF330-DC2D-4960-BD01-9BE6512444F8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3A8AF538-7018-4785-8EC0-DD0AB1FE50EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3E3C5DDB-0ED4-4DD9-9CA8-DC547B35C6B9}" = protocol=6 | dir=in | app=c:\program files (x86)\e-games\pointblank\pointblank.exe |
"{40BB38C5-25FA-43D1-8E5C-28F9B0ECDB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4CEB621F-967E-41B7-80CC-5AF39E305C11}" = dir=in | app=c:\users\rhomel\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{4DDA1C13-2EBD-4738-8355-0431DE32C230}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{51378B2F-BFFA-4DCC-9F36-D3940F6B6557}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{61586DA7-928F-41BF-B6C5-13BF9D222A25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{67641EE6-9A46-4691-AB31-486EE63BF614}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{6BE37784-8048-4337-91BD-17089FE112EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6E651D5C-3FE2-4A11-BC57-2A35508492AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{77992350-2D2F-4BF9-8854-1302DDA5CEC7}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{86CB3B82-1AF5-447A-832E-D80DCF7D777C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8D9959AD-64E8-4945-B621-2C44838F7652}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{955A419A-67F7-4948-88CB-1AAE7E5CC407}" = dir=out | app=c:\windows\system32\svchost.exe |
"{A5ADE09D-4E89-49E3-84D8-1DAD4CADD294}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A729FAF7-BF8F-4474-9B49-CC8DCA1CED99}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{AA8889E7-C637-4893-AF47-161F64EF500C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{AD552CEF-E11D-457B-BD1A-5AFBD84F8092}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B311D782-0B5F-4491-99EC-1FC73CE0E86C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C139F47E-E8B3-4CB2-992E-7ADD2C6D0379}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{CD554351-A40F-4638-8BC0-3ACE160818E5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D5F3E323-93FD-4062-9D9E-AF8599FC1DA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DCAEA52D-881A-4EF3-AAF6-9172AC0399CB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{F3982D68-406E-4F30-B82E-25FBEBC394E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{FCE37E20-25B8-4C97-81B4-589AA18AC1AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{03002BC3-098A-4686-8D81-1AECFA02C735}C:\program files (x86)\internet download manager\idman.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe |
"TCP Query User{0B7B9039-9102-4C9F-AE6F-DE208F1ED813}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{1727948E-A7A9-43C6-9AD4-9AC0610A9A72}C:\users\rhomel\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\rhomel\appdata\local\akamai\netsession_win.exe |
"TCP Query User{1FE9CDA2-2F34-433C-B260-F1DCBEFA0BE8}C:\program files (x86)\garena plus\garenamessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\garenamessenger.exe |
"TCP Query User{27763F30-A688-42F1-9091-481BE1BAE6AA}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe |
"TCP Query User{289E698E-75DC-4EFD-976F-BCC379292796}D:\downloads\honinstaller.exe" = protocol=6 | dir=in | app=d:\downloads\honinstaller.exe |
"TCP Query User{36FB6C07-9270-4229-84F2-4F912FD905EA}D:\games\sierra\half-life\hl.exe" = protocol=6 | dir=in | app=d:\games\sierra\half-life\hl.exe |
"TCP Query User{4463FF61-6D4C-45F6-8F82-07EB1E47F07C}D:\games\garena hostbot v6.0\ghost.exe" = protocol=6 | dir=in | app=d:\games\garena hostbot v6.0\ghost.exe |
"TCP Query User{50E24B0A-FC59-480C-AB20-0C3E61D2C1EE}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"TCP Query User{8B925F44-0A4B-424B-9CC9-85AEE5956241}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"TCP Query User{B115A69E-AD62-48A1-9448-B0695069D993}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
"TCP Query User{C99EFDBF-2306-42CB-89A7-C1F5EEF40212}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"TCP Query User{D00501D7-1B98-4DDB-BDF9-A98806A8CEC0}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{D752334D-7966-4930-8656-057E6CFB4E75}D:\games\garena hostbot v6.0\garenahostbot.exe" = protocol=6 | dir=in | app=d:\games\garena hostbot v6.0\garenahostbot.exe |
"TCP Query User{EC523943-6B68-43E6-8F23-F324EC478BAF}C:\canopy\networkupdater\_jvm\bin\java.exe" = protocol=6 | dir=in | app=c:\canopy\networkupdater\_jvm\bin\java.exe |
"UDP Query User{0989A800-5982-4BD5-B4B4-D9CAE782033C}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{24C9344A-767B-4871-8CB7-1D87699DAA9F}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"UDP Query User{2577D56C-673D-41E8-BD5B-E1A1E284F528}D:\downloads\honinstaller.exe" = protocol=17 | dir=in | app=d:\downloads\honinstaller.exe |
"UDP Query User{3C45FB7D-F7CB-44D4-90BC-735680422AA0}D:\games\garena hostbot v6.0\ghost.exe" = protocol=17 | dir=in | app=d:\games\garena hostbot v6.0\ghost.exe |
"UDP Query User{3C4C8F06-0543-4D1C-A73A-3A17EAF9F13A}D:\games\sierra\half-life\hl.exe" = protocol=17 | dir=in | app=d:\games\sierra\half-life\hl.exe |
"UDP Query User{5A3A001D-AC48-43C8-8646-CD8A8FA968AD}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe |
"UDP Query User{5FAD4778-1BD4-4070-9378-AD7ABD23A2A0}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
"UDP Query User{974E4692-320A-4B7C-A5DA-7B88BDF2215C}C:\users\rhomel\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\rhomel\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B9C7E03C-F261-4903-9B2A-261492D845CA}C:\canopy\networkupdater\_jvm\bin\java.exe" = protocol=17 | dir=in | app=c:\canopy\networkupdater\_jvm\bin\java.exe |
"UDP Query User{BA4CEAB3-4024-489E-8670-34C10AE6B564}D:\games\garena hostbot v6.0\garenahostbot.exe" = protocol=17 | dir=in | app=d:\games\garena hostbot v6.0\garenahostbot.exe |
"UDP Query User{CF5B9006-783E-44AC-B7DC-4B508AA19CEB}C:\program files (x86)\garena plus\garenamessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\garenamessenger.exe |
"UDP Query User{DACB1E2A-EABB-4026-B9FF-0885D35FCE52}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{E4B020F7-B50F-4CB4-9140-23450E936F81}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"UDP Query User{F34162C3-1E76-4911-A77F-5BA344FD8E38}C:\program files (x86)\internet download manager\idman.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe |
"UDP Query User{F3ED6DED-7A3F-4177-8035-2984B799C33C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1FC54CF7-6940-4456-BE5B-88CF8FF71A7E}" = Nitro Pro 7
"{20150000-0011-0000-1000-0000000FF1CE}" = Microsoft Professional Plus 2013
"{20150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{20150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{20150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{20150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{20150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{20150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{20150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 Preview - English
"{20150000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 Preview - French
"{20150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 Preview - Spanish
"{20150000-002C-0409-1000-0000000FF1CE}" = Microsoft Proofing (English) 2013
"{20150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{20150000-0051-0000-1000-0000000FF1CE}" = Microsoft Visio Professional 2013
"{20150000-0054-0409-1000-0000000FF1CE}" = Microsoft Visio MUI (English) 2013
"{20150000-006E-0409-1000-0000000FF1CE}" = Microsoft Shared MUI (English) 2013
"{20150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{20150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{20150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{20150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{20150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Shared 32-bit MUI (English) 2013
"{20150000-00E1-0409-1000-0000000FF1CE}" = Microsoft OSM MUI (English) 2013
"{20150000-00E2-0409-1000-0000000FF1CE}" = Microsoft OSM UX MUI (English) 2013
"{20150000-0115-0409-1000-0000000FF1CE}" = Microsoft Shared Setup Metadata MUI (English) 2013
"{20150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{20150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit)
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3DD68F17-2C5D-49AC-9280-13C90FE19B71}" = NI Logos64 5.1.3
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{4EE61784-10C6-4B7C-A0B2-5BED17B05741}" = Oracle VM VirtualBox 4.1.18
"{5783F2D7-B001-0000-0102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5783F2D7-B001-0409-1102-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - English
"{5783F2D7-B001-0409-2102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5783F2D7-B004-0000-0102-0060B0CE6BBA}" = AutoCAD Architecture 2013 - English
"{5783F2D7-B004-0409-1102-0060B0CE6BBA}" = AutoCAD Architecture 2013 Language Pack - English
"{5783F2D7-B004-0409-2102-0060B0CE6BBA}" = AutoCAD Architecture 2013 - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-1000-0000000FF1CE}_Office14.VISIO_{7DC2B20B-31B9-4C7C-B8DC-8492A9A3095E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{945CF655-4A32-4667-B085-70A9D53C5A86}" = NI VC2008MSMs x64
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B092C4EE-F80B-48DD-B57D-C42B66543BE0}" = NI VC2005MSMs x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.67
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.67
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C342A5D7-9D75-4D37-879A-BAA68D168670}" = NI Logos64 XT Support
"{CA7DAF6F-D5F4-46FD-A824-7E0B472C3211}" = NI USI 1.7.0 64-Bit
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8C0E5E1-3B66-465D-8F9B-F591F5CDA726}" = NI Trace Engine (64-bit)
"{E63A64BC-6458-432B-A5FA-A61BFD34EA6E}" = NI TDMS (64-bit)
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"AutoCAD 2013 - English" = AutoCAD 2013 - English
"AutoCAD Architecture 2013 - English" = AutoCAD Architecture 2013 - English
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion plug-in for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"CCleaner" = CCleaner
"Connectify" = Connectify
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1
"Elantech" = ETDWare PS/2-X64 10.5.9.0
"gogoc" = gogo6 gogoCLIENT
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013 Preview
"Office15.VISPRO" = Microsoft Visio Professional 2013 Preview
"TeraCopy_is1" = TeraCopy 2.27
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B6E651-686D-4BCD-8A93-C07B01761745}" = NI Logos 5.1.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.5
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0AAB121C-8EA7-49F5-B37C-DF117FB46771}" = NI LabVIEW Run-Time Engine 2009 SP1
"{0FCE0BA9-8AD4-4622-9ADF-EFF0355EEAE7}" = NI LabVIEW Run-Time Engine Interop 2009
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{129024FF-A6C9-4696-91BC-570C6C05193A}" = Windchill ProductPoint Client Manager
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1A014690-36EF-45FC-B97F-F8081E9706B4}" = Pointblank
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{41A0986C-CED7-4C93-AFF2-DC8566253B7B}" = NI MetaSuite Installer
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-385C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4FFBBF14-D82E-483D-8C1D-FCECAABD399E}" = NI LabWindows/CVI 9.0.1 Run-Time Engine
"{5172E572-C175-4F80-A6D5-5CB45826AD61}" = SceneSwitch
"{547C9628-C490-48AB-94F4-7F2495562930}" = PDF to DWG Converter
"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{604D1BD4-7EE3-4704-8D53-0675FA94AE57}" = NI MDF Support
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{63E19B33-DD24-4EAB-9E77-6735C2171CE4}" = NI VC2005MSMs x86
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65246CE4-17F2-4896-8828-696086BED5F6}" = NI TDMS
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6C520D64-E109-4A73-82A3-7808592051BC}" = NI Circuit Design Suite 11.0.1 Core
"{6DA2B636-698A-3294-BF4A-B5E11B238CDD}" = Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CD0F3A4-AA2F-4F6E-84F4-BFC2905D4BA3}" = NI EULA Depot
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{84FAE06F-A199-4991-8526-AF57A2A0D779}" = NI Circuit Design Suite 11.0.1 Pro
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}" = Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}" = FARO LS 1.1.408.2
"{938CFBD4-0652-49E5-BB8B-153948865941}" = ASUS Virtual Touch
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{965D4A7F-25FE-4D0E-8729-43C6236FB03C}" = Unified Remote
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76D478-1033-0000-3478-000000000004}" = Mathcad PDSi viewable support
"{B226F936-42E3-402E-8CF8-C1D92F255A17}" = NI Uninstaller
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE95841B-D741-4B72-B79B-1EC61240F10E}" = NI Service Locator
"{C0FF3C38-FC96-4575-8A7B-89DDA3F9C79D}" = NI Update Service
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}" = Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro
"{C65ABF2A-1B82-4F34-8C74-E4FE373F3BE4}" = 'PTC Places' Namespace Shell Extension
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CFF55EAB-5A2F-4A95-99D4-EF3E585F03FD}" = NI Logos XT Support
"{D265C4DB-8F68-4264-BA9C-BCEFF134A8B8}" = NI Circuit Design Suite 11.0.1 Pro Licenses
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D581FB60-4827-4AB0-9BF0-A1159C1D0579}" = NI License Manager
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DC8F6C78-7231-44A2-B66E-6C4FCB3A3364}" = Mathcad 15 F000
"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EC8BF669-EFEA-40D9-8894-9074E407FC07}" = NI VC2008MSMs x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F11F2CA2-F45F-4CC2-8962-28A0F5DC625A}" = NI Update Service Full
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}" = Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyToISO_is1" = AnyToISO
"ASUS K5 Series ScreenSaver" = ASUS K5 Series ScreenSaver
"Autodesk Content Service" = Autodesk Content Service
"avast" = avast! Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"FARO LS_is1" = FARO LS 4.8.2.25521
"Garena" = Garena 2010
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HoN" = Garena - Heroes of Newerth
"im" = Garena Plus
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mathcad PDSi viewable support" = Mathcad PDSi viewable support
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetCut_is1" = NetCut 2.1.4
"Network Updater" = Network Updater
"NI Uninstaller" = National Instruments Software
"Notepad++" = Notepad++
"Novarm DipTrace" = Novarm DipTrace
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"Pointblank" = Pointblank
"Steam App 570" = Dota 2
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UltimateDefrag" = UltimateDefrag
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BB108A893815B64BF41C4574C3324FB7371AA244" = Atheros Outlook Addin 2010
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2012 12:06:08 AM | Computer Name = Rhomel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bca54 Faulting module name: igdumd64.dll, version: 8.15.10.2653, time
stamp: 0x4f3aac44 Exception code: 0xc000041d Fault offset: 0x000000000030eb06 Faulting
process id: 0x1750 Faulting application start time: 0x01cd71e13ff646ee Faulting application
path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\system32\igdumd64.dll
Report
Id: b7bfbbb2-dde9-11e1-8a96-94dbc9ab461d

Error - 8/7/2012 1:36:52 PM | Computer Name = Rhomel-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 8/7/2012 1:36:52 PM | Computer Name = Rhomel-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 8/7/2012 1:36:53 PM | Computer Name = Rhomel-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 8/7/2012 1:36:53 PM | Computer Name = Rhomel-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 8/7/2012 1:36:53 PM | Computer Name = Rhomel-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 8/7/2012 1:36:53 PM | Computer Name = Rhomel-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 8/7/2012 1:36:53 PM | Computer Name = Rhomel-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 8/7/2012 1:36:53 PM | Computer Name = Rhomel-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 8/7/2012 9:55:17 PM | Computer Name = Rhomel-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.56.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 12d0 Start Time:
01cd7508a37e8b3d Termination Time: 3 Application Path: C:\Users\Rhomel\Desktop\OTL.exe

Report
Id:

[ System Events ]
Error - 8/6/2012 2:13:50 PM | Computer Name = Rhomel-PC | Source = Service Control Manager | ID = 7022
Description = The Autodesk Content Service service hung on starting.

Error - 8/6/2012 6:21:37 PM | Computer Name = Rhomel-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Autodesk
Content Service service to connect.

Error - 8/6/2012 6:21:37 PM | Computer Name = Rhomel-PC | Source = Service Control Manager | ID = 7000
Description = The Autodesk Content Service service failed to start due to the following
error: %%1053

Error - 8/6/2012 9:26:28 PM | Computer Name = Rhomel-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Autodesk
Content Service service to connect.

Error - 8/6/2012 9:26:28 PM | Computer Name = Rhomel-PC | Source = Service Control Manager | ID = 7000
Description = The Autodesk Content Service service failed to start due to the following
error: %%1053

Error - 8/6/2012 10:59:51 PM | Computer Name = Rhomel-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 8/7/2012 12:57:21 AM | Computer Name = Rhomel-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Autodesk
Content Service service to connect.

Error - 8/7/2012 12:57:21 AM | Computer Name = Rhomel-PC | Source = Service Control Manager | ID = 7000
Description = The Autodesk Content Service service failed to start due to the following
error: %%1053

Error - 8/7/2012 1:36:53 PM | Computer Name = Rhomel-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 8/7/2012 1:36:53 PM | Computer Name = Rhomel-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >

Edited by rhomel, 07 August 2012 - 05:14 AM.



#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
rhomel

    Member

  • Topic Starter
  • Member
  • 90 posts
TDSSkiller

19:57:45.0401 3992	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:57:46.0271 3992	============================================================
19:57:46.0271 3992	Current date / time: 2012/08/12 19:57:46.0271
19:57:46.0271 3992	SystemInfo:
19:57:46.0271 3992	
19:57:46.0271 3992	OS Version: 6.1.7601 ServicePack: 1.0
19:57:46.0271 3992	Product type: Workstation
19:57:46.0271 3992	ComputerName: RHOMEL-PC
19:57:46.0271 3992	UserName: Rhomel
19:57:46.0271 3992	Windows directory: C:\Windows
19:57:46.0271 3992	System windows directory: C:\Windows
19:57:46.0271 3992	Running under WOW64
19:57:46.0271 3992	Processor architecture: Intel x64
19:57:46.0271 3992	Number of processors: 8
19:57:46.0271 3992	Page size: 0x1000
19:57:46.0271 3992	Boot type: Normal boot
19:57:46.0271 3992	============================================================
19:57:46.0759 3992	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:57:46.0764 3992	============================================================
19:57:46.0764 3992	\Device\Harddisk0\DR0:
19:57:46.0765 3992	MBR partitions:
19:57:46.0765 3992	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:57:46.0765 3992	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BE000
19:57:46.0765 3992	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x32B55000
19:57:46.0765 3992	============================================================
19:57:46.0805 3992	C: <-> \Device\Harddisk0\DR0\Partition2
19:57:46.0838 3992	D: <-> \Device\Harddisk0\DR0\Partition1
19:57:46.0838 3992	============================================================
19:57:46.0838 3992	Initialize success
19:57:46.0838 3992	============================================================
19:57:51.0805 1804	============================================================
19:57:51.0805 1804	Scan started
19:57:51.0805 1804	Mode: Manual; SigCheck; TDLFS; 
19:57:51.0805 1804	============================================================
19:57:53.0002 1804	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:57:53.0195 1804	1394ohci - ok
19:57:53.0310 1804	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:57:53.0322 1804	ACPI - ok
19:57:53.0345 1804	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:57:53.0386 1804	AcpiPmi - ok
19:57:53.0483 1804	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:57:53.0491 1804	AdobeARMservice - ok
19:57:53.0601 1804	AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:57:53.0612 1804	AdobeFlashPlayerUpdateSvc - ok
19:57:53.0709 1804	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:57:53.0724 1804	adp94xx - ok
19:57:53.0786 1804	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:57:53.0799 1804	adpahci - ok
19:57:53.0864 1804	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:57:53.0874 1804	adpu320 - ok
19:57:53.0910 1804	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:57:53.0957 1804	AeLookupSvc - ok
19:57:54.0077 1804	AFBAgent        (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
19:57:54.0108 1804	AFBAgent - ok
19:57:54.0212 1804	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:57:54.0260 1804	AFD - ok
19:57:54.0376 1804	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:57:54.0385 1804	agp440 - ok
19:57:54.0435 1804	AiCharger       (16f6f6b7903b913ab41ab848c8bb5658) C:\Windows\system32\DRIVERS\AiCharger.sys
19:57:54.0443 1804	AiCharger - ok
19:57:54.0548 1804	AIPS            (2870ce9bfd6ba66fb0ffc6d11c9e41a7) C:\Program Files (x86)\netcut\services\AIPS.exe
19:57:54.0575 1804	AIPS ( UnsignedFile.Multi.Generic ) - warning
19:57:54.0575 1804	AIPS - detected UnsignedFile.Multi.Generic (1)
19:57:54.0617 1804	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:57:54.0658 1804	ALG - ok
19:57:54.0722 1804	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:57:54.0730 1804	aliide - ok
19:57:54.0733 1804	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:57:54.0741 1804	amdide - ok
19:57:54.0798 1804	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:57:54.0828 1804	AmdK8 - ok
19:57:54.0886 1804	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:57:54.0987 1804	AmdPPM - ok
19:57:55.0036 1804	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:57:55.0046 1804	amdsata - ok
19:57:55.0151 1804	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:57:55.0161 1804	amdsbs - ok
19:57:55.0187 1804	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:57:55.0195 1804	amdxata - ok
19:57:55.0232 1804	androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
19:57:55.0262 1804	androidusb - ok
19:57:55.0306 1804	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:57:55.0362 1804	AppID - ok
19:57:55.0396 1804	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:57:55.0439 1804	AppIDSvc - ok
19:57:55.0491 1804	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:57:55.0543 1804	Appinfo - ok
19:57:55.0600 1804	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:57:55.0640 1804	AppMgmt - ok
19:57:55.0700 1804	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:57:55.0709 1804	arc - ok
19:57:55.0731 1804	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:57:55.0740 1804	arcsas - ok
19:57:55.0873 1804	ASLDRService    (a3626c6d3f2dc95497f3f61842d7fd89) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
19:57:55.0881 1804	ASLDRService - ok
19:57:55.0933 1804	ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
19:57:55.0941 1804	ASMMAP64 - ok
19:57:56.0029 1804	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:57:56.0037 1804	aspnet_state - ok
19:57:56.0125 1804	ASUS InstantOn  (6a122b4f0e5293cacfa8a5f2cba9b356) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
19:57:56.0135 1804	ASUS InstantOn - ok
19:57:56.0166 1804	AsusVBus        (cbf4c9263f35a9e80e4ad5cbbae6049c) C:\Windows\system32\DRIVERS\AsusVBus.sys
19:57:56.0174 1804	AsusVBus - ok
19:57:56.0190 1804	AsusVTouch      (c951f6f1d909e1aad7160d9ee860a3f1) C:\Windows\system32\DRIVERS\AsusVTouch.sys
19:57:56.0199 1804	AsusVTouch - ok
19:57:56.0225 1804	aswFsBlk        (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
19:57:56.0234 1804	aswFsBlk - ok
19:57:56.0256 1804	aswMonFlt       (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
19:57:56.0265 1804	aswMonFlt - ok
19:57:56.0297 1804	aswRdr          (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
19:57:56.0306 1804	aswRdr - ok
19:57:56.0380 1804	aswSnx          (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
19:57:56.0402 1804	aswSnx - ok
19:57:56.0434 1804	aswSP           (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
19:57:56.0447 1804	aswSP - ok
19:57:56.0476 1804	aswTdi          (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
19:57:56.0484 1804	aswTdi - ok
19:57:56.0516 1804	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:57:56.0567 1804	AsyncMac - ok
19:57:56.0612 1804	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:57:56.0620 1804	atapi - ok
19:57:56.0648 1804	AthBTPort       (d0b119d6f52bdca8d204f79d27690209) C:\Windows\system32\DRIVERS\btath_flt.sys
19:57:56.0655 1804	AthBTPort - ok
19:57:56.0734 1804	AtherosSvc      (edf396de960606106b06de0478b1476b) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:57:56.0740 1804	AtherosSvc - ok
19:57:56.0916 1804	athr            (b4174564ad5834a1680610572477878c) C:\Windows\system32\DRIVERS\athrx.sys
19:57:56.0989 1804	athr - ok
19:57:57.0123 1804	ATKGFNEXSrv     (dbc598e47e7a382e60e2a4745d41fef9) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
19:57:57.0131 1804	ATKGFNEXSrv - ok
19:57:57.0179 1804	ATKWMIACPIIO    (41ceaffcf3550785e59e3ec9bee8d97a) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
19:57:57.0188 1804	ATKWMIACPIIO - ok
19:57:57.0336 1804	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:57:57.0367 1804	AudioEndpointBuilder - ok
19:57:57.0371 1804	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:57:57.0398 1804	AudioSrv - ok
19:57:57.0436 1804	Autodesk Content Service (f431dc5d94f4b2fdbc927655d8a9b10e) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
19:57:57.0443 1804	Autodesk Content Service - ok
19:57:57.0499 1804	avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:57:57.0508 1804	avast! Antivirus - ok
19:57:57.0550 1804	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:57:57.0582 1804	AxInstSV - ok
19:57:57.0709 1804	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:57:57.0723 1804	b06bdrv - ok
19:57:57.0787 1804	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:57:57.0816 1804	b57nd60a - ok
19:57:57.0884 1804	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:57:57.0916 1804	BDESVC - ok
19:57:57.0978 1804	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:57:58.0068 1804	Beep - ok
19:57:58.0179 1804	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:57:58.0237 1804	BFE - ok
19:57:58.0310 1804	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:57:58.0364 1804	BITS - ok
19:57:58.0435 1804	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:57:58.0467 1804	blbdrive - ok
19:57:58.0515 1804	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:57:58.0526 1804	bowser - ok
19:57:58.0568 1804	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:57:58.0579 1804	BrFiltLo - ok
19:57:58.0626 1804	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:57:58.0638 1804	BrFiltUp - ok
19:57:58.0696 1804	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:57:58.0752 1804	Browser - ok
19:57:58.0828 1804	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:57:58.0842 1804	Brserid - ok
19:57:58.0852 1804	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:57:58.0871 1804	BrSerWdm - ok
19:57:58.0926 1804	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:57:58.0952 1804	BrUsbMdm - ok
19:57:58.0954 1804	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:57:58.0974 1804	BrUsbSer - ok
19:57:59.0058 1804	BTATH_A2DP      (50d912c86b924c397deae7c813e25b78) C:\Windows\system32\drivers\btath_a2dp.sys
19:57:59.0069 1804	BTATH_A2DP - ok
19:57:59.0092 1804	btath_avdt      (486362291e8c2aabc3698fcb0052d042) C:\Windows\system32\drivers\btath_avdt.sys
19:57:59.0100 1804	btath_avdt - ok
19:57:59.0167 1804	BTATH_BUS       (e6b734a37ade36fe1a77035f4e484c8c) C:\Windows\system32\DRIVERS\btath_bus.sys
19:57:59.0172 1804	BTATH_BUS - ok
19:57:59.0218 1804	BTATH_HCRP      (fb3833e63ff602b69c2ff085846dcf43) C:\Windows\system32\DRIVERS\btath_hcrp.sys
19:57:59.0226 1804	BTATH_HCRP - ok
19:57:59.0255 1804	BTATH_LWFLT     (371a11c1333ba526263a987a93acde3d) C:\Windows\system32\DRIVERS\btath_lwflt.sys
19:57:59.0262 1804	BTATH_LWFLT - ok
19:57:59.0304 1804	BTATH_RCP       (abcd3c16ca850a7594ceb9ad5d966810) C:\Windows\system32\DRIVERS\btath_rcp.sys
19:57:59.0314 1804	BTATH_RCP - ok
19:57:59.0396 1804	BtFilter        (e2bc720e66da3e51e41d47c12fe353f1) C:\Windows\system32\DRIVERS\btfilter.sys
19:57:59.0409 1804	BtFilter - ok
19:57:59.0448 1804	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:57:59.0483 1804	BthEnum - ok
19:57:59.0528 1804	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:57:59.0564 1804	BTHMODEM - ok
19:57:59.0607 1804	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:57:59.0641 1804	BthPan - ok
19:57:59.0714 1804	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:57:59.0756 1804	BTHPORT - ok
19:57:59.0814 1804	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:57:59.0857 1804	bthserv - ok
19:57:59.0882 1804	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:57:59.0918 1804	BTHUSB - ok
19:57:59.0979 1804	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:58:00.0029 1804	cdfs - ok
19:58:00.0131 1804	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:58:00.0208 1804	cdrom - ok
19:58:00.0259 1804	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:58:00.0309 1804	CertPropSvc - ok
19:58:00.0365 1804	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:58:00.0392 1804	circlass - ok
19:58:00.0453 1804	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:58:00.0467 1804	CLFS - ok
19:58:00.0541 1804	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:58:00.0549 1804	clr_optimization_v2.0.50727_32 - ok
19:58:00.0606 1804	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:58:00.0614 1804	clr_optimization_v2.0.50727_64 - ok
19:58:00.0694 1804	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:58:00.0702 1804	clr_optimization_v4.0.30319_32 - ok
19:58:00.0759 1804	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:58:00.0768 1804	clr_optimization_v4.0.30319_64 - ok
19:58:00.0803 1804	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:58:00.0833 1804	CmBatt - ok
19:58:00.0880 1804	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:58:00.0888 1804	cmdide - ok
19:58:00.0958 1804	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
19:58:00.0995 1804	CNG - ok
19:58:01.0040 1804	cnnctfy2        (040ff3b09f26926a3792e047db0f47dd) C:\Windows\system32\DRIVERS\cnnctfy2.sys
19:58:01.0049 1804	cnnctfy2 - ok
19:58:01.0090 1804	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:58:01.0098 1804	Compbatt - ok
19:58:01.0122 1804	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:58:01.0154 1804	CompositeBus - ok
19:58:01.0183 1804	COMSysApp - ok
19:58:01.0262 1804	Connectify      (4361c4cafbeac86627f2132e103d9e5b) C:\Program Files (x86)\Connectify\ConnectifyService.exe
19:58:01.0289 1804	Connectify ( UnsignedFile.Multi.Generic ) - warning
19:58:01.0289 1804	Connectify - detected UnsignedFile.Multi.Generic (1)
19:58:01.0400 1804	cphs            (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe
19:58:01.0412 1804	cphs - ok
19:58:01.0461 1804	cpuz135         (75dbd5db9892d7451d0429bec1aabe1a) C:\Windows\system32\drivers\cpuz135_x64.sys
19:58:01.0470 1804	cpuz135 - ok
19:58:01.0507 1804	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:58:01.0516 1804	crcdisk - ok
19:58:01.0592 1804	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:58:01.0625 1804	CryptSvc - ok
19:58:01.0685 1804	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:58:01.0736 1804	CSC - ok
19:58:01.0821 1804	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:58:01.0855 1804	CscService - ok
19:58:01.0932 1804	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:58:01.0986 1804	DcomLaunch - ok
19:58:02.0043 1804	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:58:02.0092 1804	defragsvc - ok
19:58:02.0163 1804	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:58:02.0208 1804	DfsC - ok
19:58:02.0279 1804	dg_ssudbus      (6060106ce00f32f63f1a73160e46e9d2) C:\Windows\system32\DRIVERS\ssudbus.sys
19:58:02.0288 1804	dg_ssudbus - ok
19:58:02.0349 1804	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:58:02.0395 1804	Dhcp - ok
19:58:02.0439 1804	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:58:02.0490 1804	discache - ok
19:58:02.0552 1804	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:58:02.0561 1804	Disk - ok
19:58:02.0595 1804	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:58:02.0629 1804	Dnscache - ok
19:58:02.0670 1804	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:58:02.0715 1804	dot3svc - ok
19:58:02.0766 1804	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:58:02.0810 1804	DPS - ok
19:58:02.0870 1804	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:58:02.0898 1804	drmkaud - ok
19:58:02.0988 1804	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:58:03.0009 1804	DXGKrnl - ok
19:58:03.0039 1804	EagleX64 - ok
19:58:03.0077 1804	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:58:03.0121 1804	EapHost - ok
19:58:03.0334 1804	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:58:03.0436 1804	ebdrv - ok
19:58:03.0565 1804	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:58:03.0608 1804	EFS - ok
19:58:03.0702 1804	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:58:03.0739 1804	ehRecvr - ok
19:58:03.0771 1804	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:58:03.0782 1804	ehSched - ok
19:58:03.0916 1804	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:58:03.0931 1804	elxstor - ok
19:58:03.0983 1804	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:58:04.0003 1804	ErrDev - ok
19:58:04.0093 1804	ETD             (42b4d3d746b3625ef42233c3897e1f68) C:\Windows\system32\DRIVERS\ETD.sys
19:58:04.0104 1804	ETD - ok
19:58:04.0187 1804	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:58:04.0253 1804	EventSystem - ok
19:58:04.0311 1804	ewusbmbb - ok
19:58:04.0339 1804	ewusbnet - ok
19:58:04.0351 1804	ew_hwusbdev - ok
19:58:04.0411 1804	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:58:04.0436 1804	exfat - ok
19:58:04.0473 1804	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:58:04.0499 1804	fastfat - ok
19:58:04.0572 1804	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:58:04.0618 1804	Fax - ok
19:58:04.0667 1804	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:58:04.0686 1804	fdc - ok
19:58:04.0717 1804	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:58:04.0765 1804	fdPHost - ok
19:58:04.0790 1804	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:58:04.0838 1804	FDResPub - ok
19:58:04.0884 1804	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:58:04.0893 1804	FileInfo - ok
19:58:04.0897 1804	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:58:04.0921 1804	Filetrace - ok
19:58:05.0057 1804	FLEXnet Licensing Service 64 (64ab6f28047744b9b19c97459c2ab31b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
19:58:05.0083 1804	FLEXnet Licensing Service 64 - ok
19:58:05.0297 1804	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:58:05.0309 1804	flpydisk - ok
19:58:05.0359 1804	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:58:05.0371 1804	FltMgr - ok
19:58:05.0453 1804	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:58:05.0503 1804	FontCache - ok
19:58:05.0602 1804	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:58:05.0609 1804	FontCache3.0.0.0 - ok
19:58:05.0655 1804	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:58:05.0664 1804	FsDepends - ok
19:58:05.0692 1804	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:58:05.0700 1804	Fs_Rec - ok
19:58:05.0752 1804	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:58:05.0765 1804	fvevol - ok
19:58:05.0811 1804	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:58:05.0820 1804	gagp30kx - ok
19:58:05.0917 1804	GGSAFERDriver - ok
19:58:06.0049 1804	gogoc           (81c8557efb76328a2f6c303bab0f51c3) C:\Program Files\gogo6\gogoCLIENT\gogoc.exe
19:58:06.0061 1804	gogoc - ok
19:58:06.0096 1804	gogoTunnelDevice (65961d99898eb8b829d1bbd112c762c2) C:\Windows\system32\DRIVERS\gogotun.sys
19:58:06.0105 1804	gogoTunnelDevice - ok
19:58:06.0177 1804	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:58:06.0210 1804	gpsvc - ok
19:58:06.0247 1804	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:58:06.0273 1804	hcw85cir - ok
19:58:06.0356 1804	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:58:06.0396 1804	HdAudAddService - ok
19:58:06.0449 1804	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:58:06.0487 1804	HDAudBus - ok
19:58:06.0544 1804	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:58:06.0566 1804	HidBatt - ok
19:58:06.0583 1804	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:58:06.0605 1804	HidBth - ok
19:58:06.0667 1804	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:58:06.0691 1804	HidIr - ok
19:58:06.0723 1804	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:58:06.0766 1804	hidserv - ok
19:58:06.0830 1804	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:58:06.0840 1804	HidUsb - ok
19:58:06.0872 1804	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:58:06.0926 1804	hkmsvc - ok
19:58:06.0995 1804	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:58:07.0058 1804	HomeGroupListener - ok
19:58:07.0124 1804	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:58:07.0171 1804	HomeGroupProvider - ok
19:58:07.0230 1804	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:58:07.0239 1804	HpSAMD - ok
19:58:07.0358 1804	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:58:07.0427 1804	HTTP - ok
19:58:07.0445 1804	huawei_enumerator - ok
19:58:07.0471 1804	hwdatacard - ok
19:58:07.0508 1804	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:58:07.0516 1804	hwpolicy - ok
19:58:07.0520 1804	hwusbdev - ok
19:58:07.0554 1804	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:58:07.0564 1804	i8042prt - ok
19:58:07.0619 1804	iaStor          (c224331a54571c8c9162f7714400bbbd) C:\Windows\system32\DRIVERS\iaStor.sys
19:58:07.0631 1804	iaStor - ok
19:58:07.0691 1804	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:58:07.0705 1804	iaStorV - ok
19:58:07.0745 1804	IDMWFP          (f1458110073ad3b6c5dc3c592a36d1d0) C:\Windows\system32\DRIVERS\idmwfp.sys
19:58:07.0755 1804	IDMWFP - ok
19:58:07.0875 1804	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:58:07.0895 1804	idsvc - ok
19:58:08.0558 1804	igfx            (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:58:08.0855 1804	igfx - ok
19:58:09.0015 1804	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:58:09.0024 1804	iirsp - ok
19:58:09.0097 1804	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:58:09.0157 1804	IKEEXT - ok
19:58:09.0424 1804	IntcAzAudAddService (e83bb47c3446f0497019de7fd6c6a86f) C:\Windows\system32\drivers\RTKVHD64.sys
19:58:09.0532 1804	IntcAzAudAddService - ok
19:58:09.0684 1804	IntcDAud        (6c9fffeca9fed31347d211c5d1ffbd2d) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:58:09.0719 1804	IntcDAud - ok
19:58:09.0827 1804	Intel(R) Capability Licensing Service Interface (2d66067c7a8a0112156bcd1c0baa7042) C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:58:09.0839 1804	Intel(R) Capability Licensing Service Interface - ok
19:58:09.0939 1804	Intel(R) ME Service (92db7d70d029c6c8584ebfabf18f8d3c) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
19:58:09.0948 1804	Intel(R) ME Service - ok
19:58:09.0992 1804	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:58:10.0000 1804	intelide - ok
19:58:10.0045 1804	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:58:10.0076 1804	intelppm - ok
19:58:10.0121 1804	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:58:10.0167 1804	IPBusEnum - ok
19:58:10.0211 1804	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:58:10.0256 1804	IpFilterDriver - ok
19:58:10.0368 1804	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:58:10.0418 1804	iphlpsvc - ok
19:58:10.0461 1804	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:58:10.0493 1804	IPMIDRV - ok
19:58:10.0550 1804	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:58:10.0592 1804	IPNAT - ok
19:58:10.0622 1804	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:58:10.0660 1804	IRENUM - ok
19:58:10.0716 1804	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:58:10.0724 1804	isapnp - ok
19:58:10.0771 1804	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:58:10.0783 1804	iScsiPrt - ok
19:58:10.0892 1804	ISODrive        (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
19:58:10.0902 1804	ISODrive - ok
19:58:10.0942 1804	iusb3hcs        (6bcef45131c8b8e1c558be540b190b3c) C:\Windows\system32\DRIVERS\iusb3hcs.sys
19:58:10.0951 1804	iusb3hcs - ok
19:58:10.0997 1804	iusb3hub        (f080eada8715f811b58bd35bb774f2f9) C:\Windows\system32\DRIVERS\iusb3hub.sys
19:58:11.0009 1804	iusb3hub - ok
19:58:11.0064 1804	iusb3xhc        (0f1756d9396740f053221fa6260fce66) C:\Windows\system32\DRIVERS\iusb3xhc.sys
19:58:11.0082 1804	iusb3xhc - ok
19:58:11.0188 1804	jhi_service     (166fc0b36842135bc2d3c32df70ed0d6) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:58:11.0197 1804	jhi_service - ok
19:58:11.0211 1804	jrdusbser - ok
19:58:11.0250 1804	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:58:11.0259 1804	kbdclass - ok
19:58:11.0290 1804	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:58:11.0321 1804	kbdhid - ok
19:58:11.0375 1804	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
19:58:11.0383 1804	kbfiltr - ok
19:58:11.0421 1804	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:58:11.0431 1804	KeyIso - ok
19:58:11.0453 1804	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
19:58:11.0462 1804	KSecDD - ok
19:58:11.0490 1804	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
19:58:11.0500 1804	KSecPkg - ok
19:58:11.0535 1804	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:58:11.0587 1804	ksthunk - ok
19:58:11.0665 1804	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:58:11.0707 1804	KtmRm - ok
19:58:11.0768 1804	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:58:11.0814 1804	LanmanServer - ok
19:58:11.0866 1804	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:58:11.0916 1804	LanmanWorkstation - ok
19:58:12.0076 1804	LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
19:58:12.0094 1804	LkCitadelServer - ok
19:58:12.0155 1804	lkClassAds      (99121fd465f7a65ac15eec3b4034c1e4) C:\Windows\SysWOW64\lkads.exe
19:58:12.0164 1804	lkClassAds - ok
19:58:12.0198 1804	lkTimeSync      (19c8d1b03a5229cbbe1037425701f55f) C:\Windows\SysWOW64\lktsrv.exe
19:58:12.0206 1804	lkTimeSync - ok
19:58:12.0341 1804	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:58:12.0365 1804	lltdio - ok
19:58:12.0421 1804	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:58:12.0463 1804	lltdsvc - ok
19:58:12.0513 1804	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:58:12.0538 1804	lmhosts - ok
19:58:12.0655 1804	LMS             (c56e64ba70dc822b84d100a6f8d690d3) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:58:12.0666 1804	LMS - ok
19:58:12.0722 1804	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:58:12.0732 1804	LSI_FC - ok
19:58:12.0754 1804	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:58:12.0763 1804	LSI_SAS - ok
19:58:12.0774 1804	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:58:12.0783 1804	LSI_SAS2 - ok
19:58:12.0845 1804	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:58:12.0855 1804	LSI_SCSI - ok
19:58:12.0905 1804	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:58:12.0952 1804	luafv - ok
19:58:12.0982 1804	massfilter - ok
19:58:13.0014 1804	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
19:58:13.0022 1804	MBAMProtector - ok
19:58:13.0100 1804	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:58:13.0113 1804	MBAMService - ok
19:58:13.0169 1804	mcdbus          (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
19:58:13.0181 1804	mcdbus - ok
19:58:13.0219 1804	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:58:13.0257 1804	Mcx2Svc - ok
19:58:13.0275 1804	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:58:13.0283 1804	megasas - ok
19:58:13.0357 1804	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:58:13.0369 1804	MegaSR - ok
19:58:13.0421 1804	MEIx64          (6b01b7414a105b9e51652089a03027cf) C:\Windows\system32\DRIVERS\HECIx64.sys
19:58:13.0429 1804	MEIx64 - ok
19:58:13.0507 1804	Microsoft SharePoint Workspace Audit Service - ok
19:58:13.0523 1804	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:58:13.0567 1804	MMCSS - ok
19:58:13.0595 1804	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:58:13.0646 1804	Modem - ok
19:58:13.0685 1804	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:58:13.0721 1804	monitor - ok
19:58:13.0755 1804	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:58:13.0763 1804	mouclass - ok
19:58:13.0817 1804	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:58:13.0850 1804	mouhid - ok
19:58:13.0902 1804	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:58:13.0911 1804	mountmgr - ok
19:58:13.0983 1804	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:58:13.0992 1804	MozillaMaintenance - ok
19:58:14.0026 1804	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:58:14.0036 1804	mpio - ok
19:58:14.0058 1804	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:58:14.0083 1804	mpsdrv - ok
19:58:14.0147 1804	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:58:14.0206 1804	MpsSvc - ok
19:58:14.0252 1804	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:58:14.0284 1804	MRxDAV - ok
19:58:14.0336 1804	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:58:14.0373 1804	mrxsmb - ok
19:58:14.0417 1804	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:58:14.0453 1804	mrxsmb10 - ok
19:58:14.0497 1804	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:58:14.0534 1804	mrxsmb20 - ok
19:58:14.0573 1804	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:58:14.0582 1804	msahci - ok
19:58:14.0611 1804	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:58:14.0621 1804	msdsm - ok
19:58:14.0654 1804	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:58:14.0689 1804	MSDTC - ok
19:58:14.0723 1804	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:58:14.0748 1804	Msfs - ok
19:58:14.0768 1804	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:58:14.0819 1804	mshidkmdf - ok
19:58:14.0864 1804	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:58:14.0872 1804	msisadrv - ok
19:58:14.0918 1804	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:58:14.0961 1804	MSiSCSI - ok
19:58:14.0963 1804	msiserver - ok
19:58:15.0024 1804	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:58:15.0092 1804	MSKSSRV - ok
19:58:15.0121 1804	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:58:15.0179 1804	MSPCLOCK - ok
19:58:15.0198 1804	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:58:15.0267 1804	MSPQM - ok
19:58:15.0326 1804	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:58:15.0339 1804	MsRPC - ok
19:58:15.0399 1804	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:58:15.0407 1804	mssmbios - ok
19:58:15.0455 1804	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:58:15.0493 1804	MSTEE - ok
19:58:15.0508 1804	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:58:15.0519 1804	MTConfig - ok
19:58:15.0549 1804	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:58:15.0558 1804	Mup - ok
19:58:15.0600 1804	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:58:15.0651 1804	napagent - ok
19:58:15.0725 1804	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:58:15.0764 1804	NativeWifiP - ok
19:58:15.0863 1804	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:58:15.0884 1804	NDIS - ok
19:58:15.0913 1804	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:58:15.0947 1804	NdisCap - ok
19:58:15.0977 1804	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:58:16.0001 1804	NdisTapi - ok
19:58:16.0036 1804	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:58:16.0085 1804	Ndisuio - ok
19:58:16.0132 1804	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:58:16.0183 1804	NdisWan - ok
19:58:16.0227 1804	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:58:16.0250 1804	NDProxy - ok
19:58:16.0271 1804	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:58:16.0321 1804	NetBIOS - ok
19:58:16.0380 1804	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:58:16.0423 1804	NetBT - ok
19:58:16.0477 1804	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:58:16.0487 1804	Netlogon - ok
19:58:16.0547 1804	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:58:16.0603 1804	Netman - ok
19:58:16.0706 1804	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:58:16.0715 1804	NetMsmqActivator - ok
19:58:16.0726 1804	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:58:16.0734 1804	NetPipeActivator - ok
19:58:16.0795 1804	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:58:16.0844 1804	netprofm - ok
19:58:16.0846 1804	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:58:16.0854 1804	NetTcpActivator - ok
19:58:16.0857 1804	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:58:16.0864 1804	NetTcpPortSharing - ok
19:58:16.0940 1804	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:58:16.0949 1804	nfrd960 - ok
19:58:17.0045 1804	NIDomainService (ceefde8face887d6dda664940404ea58) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
19:58:17.0057 1804	NIDomainService - ok
19:58:17.0142 1804	NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
19:58:17.0177 1804	NILM License Manager ( UnsignedFile.Multi.Generic ) - warning
19:58:17.0177 1804	NILM License Manager - detected UnsignedFile.Multi.Generic (1)
19:58:17.0276 1804	niSvcLoc - ok
19:58:17.0383 1804	NitroDriverReadSpool2 (cfcc35d7bc10522b4be56eb9869541d1) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
19:58:17.0392 1804	NitroDriverReadSpool2 - ok
19:58:17.0497 1804	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:58:17.0546 1804	NlaSvc - ok
19:58:17.0594 1804	nlsX86cc        (3bc430cf68bc9ed111042bde2ddd72fa) C:\Windows\SysWOW64\NLSSRV32.EXE
19:58:17.0601 1804	nlsX86cc - ok
19:58:17.0655 1804	NPF             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
19:58:17.0664 1804	NPF - ok
19:58:17.0684 1804	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:58:17.0708 1804	Npfs - ok
19:58:17.0732 1804	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:58:17.0776 1804	nsi - ok
19:58:17.0812 1804	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:58:17.0863 1804	nsiproxy - ok
19:58:17.0983 1804	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:58:18.0013 1804	Ntfs - ok
19:58:18.0120 1804	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:58:18.0144 1804	Null - ok
19:58:18.0807 1804	nvlddmkm        (6f47f63075fd4c4522cc2f15c5ac7a06) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:58:19.0120 1804	nvlddmkm - ok
19:58:19.0234 1804	nvpciflt        (445a5bd14480a578615db4f4ccdcad84) C:\Windows\system32\DRIVERS\nvpciflt.sys
19:58:19.0243 1804	nvpciflt - ok
19:58:19.0293 1804	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:58:19.0303 1804	nvraid - ok
19:58:19.0334 1804	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:58:19.0344 1804	nvstor - ok
19:58:19.0412 1804	nvsvc           (783215d9840e74b05f91a7d55dc03210) C:\Windows\system32\nvvsvc.exe
19:58:19.0433 1804	nvsvc - ok
19:58:19.0616 1804	nvUpdatusService (6aab18ad52b106230b247e0d9e20b97e) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:58:19.0648 1804	nvUpdatusService - ok
19:58:19.0795 1804	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:58:19.0805 1804	nv_agp - ok
19:58:19.0859 1804	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:58:19.0885 1804	ohci1394 - ok
19:58:19.0986 1804	ose64           (937728f2a15f941b372c89acb9cef1af) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:58:19.0996 1804	ose64 - ok
19:58:20.0279 1804	osppsvc         (31dc8d825d2c4eb0ff7ed021bb92c541) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:58:20.0401 1804	osppsvc - ok
19:58:20.0521 1804	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:58:20.0535 1804	p2pimsvc - ok
19:58:20.0572 1804	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:58:20.0588 1804	p2psvc - ok
19:58:20.0651 1804	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:58:20.0662 1804	Parport - ok
19:58:20.0705 1804	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:58:20.0714 1804	partmgr - ok
19:58:20.0750 1804	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:58:20.0783 1804	PcaSvc - ok
19:58:20.0827 1804	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:58:20.0838 1804	pci - ok
19:58:20.0876 1804	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:58:20.0884 1804	pciide - ok
19:58:20.0949 1804	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:58:20.0960 1804	pcmcia - ok
19:58:20.0987 1804	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:58:20.0995 1804	pcw - ok
19:58:21.0042 1804	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:58:21.0092 1804	PEAUTH - ok
19:58:21.0196 1804	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:58:21.0240 1804	PeerDistSvc - ok
19:58:21.0360 1804	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:58:21.0391 1804	PerfHost - ok
19:58:21.0559 1804	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:58:21.0618 1804	pla - ok
19:58:21.0698 1804	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:58:21.0731 1804	PlugPlay - ok
19:58:21.0758 1804	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:58:21.0789 1804	PNRPAutoReg - ok
19:58:21.0833 1804	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:58:21.0846 1804	PNRPsvc - ok
19:58:21.0892 1804	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:58:21.0947 1804	PolicyAgent - ok
19:58:21.0991 1804	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:58:22.0041 1804	Power - ok
19:58:22.0111 1804	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:58:22.0160 1804	PptpMiniport - ok
19:58:22.0204 1804	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:58:22.0226 1804	Processor - ok
19:58:22.0277 1804	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:58:22.0289 1804	ProfSvc - ok
19:58:22.0309 1804	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:58:22.0319 1804	ProtectedStorage - ok
19:58:22.0364 1804	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:58:22.0414 1804	Psched - ok
19:58:22.0477 1804	pwdrvio         (d8589a43b352e7f2317194c98447149f) C:\Windows\system32\pwdrvio.sys
19:58:22.0487 1804	pwdrvio - ok
19:58:22.0539 1804	pwdspio         (4b8fda635f4d2e7d638b2b3817b5afc8) C:\Windows\system32\pwdspio.sys
19:58:22.0550 1804	pwdspio - ok
19:58:22.0649 1804	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:58:22.0678 1804	ql2300 - ok
19:58:22.0836 1804	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:58:22.0845 1804	ql40xx - ok
19:58:22.0890 1804	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:58:22.0906 1804	QWAVE - ok
19:58:22.0921 1804	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:58:22.0954 1804	QWAVEdrv - ok
19:58:23.0011 1804	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:58:23.0051 1804	RasAcd - ok
19:58:23.0089 1804	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:58:23.0140 1804	RasAgileVpn - ok
19:58:23.0186 1804	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:58:23.0239 1804	RasAuto - ok
19:58:23.0287 1804	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:58:23.0336 1804	Rasl2tp - ok
19:58:23.0411 1804	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:58:23.0459 1804	RasMan - ok
19:58:23.0509 1804	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:58:23.0558 1804	RasPppoe - ok
19:58:23.0588 1804	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:58:23.0632 1804	RasSstp - ok
19:58:23.0674 1804	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:58:23.0723 1804	rdbss - ok
19:58:23.0759 1804	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:58:23.0789 1804	rdpbus - ok
19:58:23.0823 1804	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:58:23.0874 1804	RDPCDD - ok
19:58:23.0925 1804	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:58:23.0937 1804	RDPDR - ok
19:58:23.0954 1804	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:58:24.0000 1804	RDPENCDD - ok
19:58:24.0033 1804	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:58:24.0057 1804	RDPREFMP - ok
19:58:24.0095 1804	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
19:58:24.0126 1804	RdpVideoMiniport - ok
19:58:24.0169 1804	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:58:24.0181 1804	RDPWD - ok
19:58:24.0232 1804	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:58:24.0243 1804	rdyboost - ok
19:58:24.0278 1804	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:58:24.0331 1804	RemoteAccess - ok
19:58:24.0372 1804	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:58:24.0427 1804	RemoteRegistry - ok
19:58:24.0481 1804	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:58:24.0521 1804	RFCOMM - ok
19:58:24.0620 1804	rpcapd          (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
19:58:24.0628 1804	rpcapd - ok
19:58:24.0660 1804	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:58:24.0712 1804	RpcEptMapper - ok
19:58:24.0746 1804	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:58:24.0757 1804	RpcLocator - ok
19:58:24.0810 1804	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:58:24.0837 1804	RpcSs - ok
19:58:24.0890 1804	RSBASTOR        (7d9a999ccbb82020321bccfeb9bb3c91) C:\Windows\system32\DRIVERS\RtsBaStor.sys
19:58:24.0902 1804	RSBASTOR - ok
19:58:24.0948 1804	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:58:24.0972 1804	rspndr - ok
19:58:25.0041 1804	RTL8167         (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:58:25.0056 1804	RTL8167 - ok
19:58:25.0084 1804	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:58:25.0116 1804	s3cap - ok
19:58:25.0155 1804	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:58:25.0165 1804	SamSs - ok
19:58:25.0200 1804	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:58:25.0209 1804	sbp2port - ok
19:58:25.0247 1804	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:58:25.0300 1804	SCardSvr - ok
19:58:25.0336 1804	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:58:25.0380 1804	scfilter - ok
19:58:25.0472 1804	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:58:25.0508 1804	Schedule - ok
19:58:25.0537 1804	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:58:25.0560 1804	SCPolicySvc - ok
19:58:25.0587 1804	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:58:25.0617 1804	SDRSVC - ok
19:58:25.0692 1804	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:58:25.0741 1804	secdrv - ok
19:58:25.0766 1804	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:58:25.0818 1804	seclogon - ok
19:58:25.0856 1804	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:58:25.0881 1804	SENS - ok
19:58:25.0895 1804	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:58:25.0906 1804	SensrSvc - ok
19:58:25.0949 1804	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:58:25.0972 1804	Serenum - ok
19:58:25.0995 1804	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:58:26.0017 1804	Serial - ok
19:58:26.0077 1804	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:58:26.0104 1804	sermouse - ok
19:58:26.0152 1804	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:58:26.0177 1804	SessionEnv - ok
19:58:26.0208 1804	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:58:26.0232 1804	sffdisk - ok
19:58:26.0252 1804	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:58:26.0275 1804	sffp_mmc - ok
19:58:26.0297 1804	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:58:26.0335 1804	sffp_sd - ok
19:58:26.0395 1804	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:58:26.0405 1804	sfloppy - ok
19:58:26.0470 1804	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:58:26.0519 1804	SharedAccess - ok
19:58:26.0569 1804	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:58:26.0623 1804	ShellHWDetection - ok
19:58:26.0673 1804	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:58:26.0682 1804	SiSRaid2 - ok
19:58:26.0739 1804	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:58:26.0748 1804	SiSRaid4 - ok
19:58:26.0987 1804	Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:58:27.0027 1804	Skype C2C Service - ok
19:58:27.0167 1804	SkypeUpdate     (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:58:27.0175 1804	SkypeUpdate - ok
19:58:27.0344 1804	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:58:27.0383 1804	Smb - ok
19:58:27.0427 1804	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:58:27.0440 1804	SNMPTRAP - ok
19:58:27.0464 1804	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:58:27.0472 1804	spldr - ok
19:58:27.0538 1804	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:58:27.0569 1804	Spooler - ok
19:58:27.0744 1804	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:58:27.0865 1804	sppsvc - ok
19:58:27.0982 1804	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:58:28.0027 1804	sppuinotify - ok
19:58:28.0098 1804	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:58:28.0133 1804	srv - ok
19:58:28.0192 1804	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:58:28.0205 1804	srv2 - ok
19:58:28.0241 1804	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:58:28.0277 1804	srvnet - ok
19:58:28.0323 1804	ssadbus         (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
19:58:28.0362 1804	ssadbus - ok
19:58:28.0403 1804	ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
19:58:28.0439 1804	ssadmdfl - ok
19:58:28.0489 1804	ssadmdm         (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
19:58:28.0526 1804	ssadmdm - ok
19:58:28.0588 1804	ssadserd        (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
19:58:28.0617 1804	ssadserd - ok
19:58:28.0662 1804	sscdbus         (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
19:58:28.0672 1804	sscdbus - ok
19:58:28.0680 1804	sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
19:58:28.0688 1804	sscdmdfl - ok
19:58:28.0710 1804	sscdmdm         (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
19:58:28.0720 1804	sscdmdm - ok
19:58:28.0769 1804	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:58:28.0816 1804	SSDPSRV - ok
19:58:28.0850 1804	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:58:28.0876 1804	SstpSvc - ok
19:58:28.0929 1804	ssudmdm         (855335bf5792e56164f98c012e3d92dd) C:\Windows\system32\DRIVERS\ssudmdm.sys
19:58:28.0940 1804	ssudmdm - ok
19:58:28.0965 1804	ssudserd        (5347940cdd29b66c0fc1747274ba5ff0) C:\Windows\system32\DRIVERS\ssudserd.sys
19:58:28.0976 1804	ssudserd - ok
19:58:29.0037 1804	Steam Client Service - ok
19:58:29.0074 1804	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:58:29.0083 1804	stexstor - ok
19:58:29.0169 1804	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:58:29.0212 1804	stisvc - ok
19:58:29.0249 1804	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:58:29.0257 1804	storflt - ok
19:58:29.0268 1804	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:58:29.0277 1804	storvsc - ok
19:58:29.0300 1804	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:58:29.0309 1804	swenum - ok
19:58:29.0362 1804	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:58:29.0418 1804	swprv - ok
19:58:29.0446 1804	Synth3dVsc - ok
19:58:29.0564 1804	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:58:29.0621 1804	SysMain - ok
19:58:29.0725 1804	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:58:29.0740 1804	TabletInputService - ok
19:58:29.0774 1804	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:58:29.0821 1804	TapiSrv - ok
19:58:29.0860 1804	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:58:29.0906 1804	TBS - ok
19:58:30.0058 1804	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:58:30.0092 1804	Tcpip - ok
19:58:30.0315 1804	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:58:30.0340 1804	TCPIP6 - ok
19:58:30.0468 1804	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:58:30.0491 1804	tcpipreg - ok
19:58:30.0525 1804	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:58:30.0547 1804	TDPIPE - ok
19:58:30.0585 1804	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:58:30.0617 1804	TDTCP - ok
19:58:30.0663 1804	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:58:30.0687 1804	tdx - ok
19:58:30.0713 1804	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:58:30.0722 1804	TermDD - ok
19:58:30.0803 1804	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:58:30.0860 1804	TermService - ok
19:58:30.0899 1804	Themes          (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll
19:58:30.0928 1804	Themes ( UnsignedFile.Multi.Generic ) - warning
19:58:30.0928 1804	Themes - detected UnsignedFile.Multi.Generic (1)
19:58:30.0957 1804	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:58:30.0981 1804	THREADORDER - ok
19:58:31.0007 1804	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:58:31.0033 1804	TrkWks - ok
19:58:31.0094 1804	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:58:31.0119 1804	TrustedInstaller - ok
19:58:31.0138 1804	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:58:31.0185 1804	tssecsrv - ok
19:58:31.0222 1804	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:58:31.0232 1804	TsUsbFlt - ok
19:58:31.0244 1804	tsusbhub - ok
19:58:31.0425 1804	TuneUp.UtilitiesSvc (8dd1f81749a966ea5a96cb2d89c9670c) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
19:58:31.0452 1804	TuneUp.UtilitiesSvc - ok
19:58:31.0548 1804	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
19:58:31.0556 1804	TuneUpUtilitiesDrv - ok
19:58:31.0691 1804	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:58:31.0736 1804	tunnel - ok
19:58:31.0790 1804	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:58:31.0799 1804	uagp35 - ok
19:58:31.0856 1804	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:58:31.0906 1804	udfs - ok
19:58:31.0953 1804	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:58:31.0966 1804	UI0Detect - ok
19:58:32.0012 1804	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:58:32.0021 1804	uliagpkx - ok
19:58:32.0068 1804	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:58:32.0097 1804	umbus - ok
19:58:32.0154 1804	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:58:32.0178 1804	UmPass - ok
19:58:32.0224 1804	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:58:32.0256 1804	UmRdpService - ok
19:58:32.0360 1804	UNS             (0f9e1bc7e2bea1a4108ec9736cf0c2d9) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:58:32.0373 1804	UNS - ok
19:58:32.0409 1804	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:58:32.0456 1804	upnphost - ok
19:58:32.0510 1804	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:58:32.0520 1804	usbccgp - ok
19:58:32.0563 1804	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:58:32.0584 1804	usbcir - ok
19:58:32.0632 1804	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:58:32.0664 1804	usbehci - ok
19:58:32.0725 1804	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:58:32.0764 1804	usbhub - ok
19:58:32.0802 1804	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:58:32.0830 1804	usbohci - ok
19:58:32.0882 1804	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:58:32.0906 1804	usbprint - ok
19:58:32.0967 1804	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:58:32.0986 1804	usbscan - ok
19:58:33.0034 1804	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:58:33.0071 1804	USBSTOR - ok
19:58:33.0112 1804	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:58:33.0150 1804	usbuhci - ok
19:58:33.0216 1804	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
19:58:33.0230 1804	usbvideo - ok
19:58:33.0247 1804	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:58:33.0300 1804	UxSms - ok
19:58:33.0365 1804	UxTuneUp        (1ca2321789a7188a36f376905daf9c0a) C:\Windows\System32\uxtuneup.dll
19:58:33.0373 1804	UxTuneUp - ok
19:58:33.0399 1804	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:58:33.0409 1804	VaultSvc - ok
19:58:33.0462 1804	VBoxDrv         (ed492636ee26ec43daa4baa7ef0da7ad) C:\Windows\system32\DRIVERS\VBoxDrv.sys
19:58:33.0474 1804	VBoxDrv - ok
19:58:33.0527 1804	VBoxNetAdp      (58e2365e7fd880624f648c63c5d22009) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
19:58:33.0538 1804	VBoxNetAdp - ok
19:58:33.0580 1804	VBoxNetFlt      (5160910ce602710d7e87f1b35487e7db) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
19:58:33.0591 1804	VBoxNetFlt - ok
19:58:33.0638 1804	VBoxUSBMon      (99906a079a6c24d4b8b0dbed02b7869b) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
19:58:33.0647 1804	VBoxUSBMon - ok
19:58:33.0697 1804	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:58:33.0706 1804	vdrvroot - ok
19:58:33.0765 1804	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:58:33.0796 1804	vds - ok
19:58:33.0842 1804	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:58:33.0854 1804	vga - ok
19:58:33.0881 1804	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:58:33.0929 1804	VgaSave - ok
19:58:33.0931 1804	VGPU - ok
19:58:33.0988 1804	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:58:33.0999 1804	vhdmp - ok
19:58:34.0037 1804	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:58:34.0045 1804	viaide - ok
19:58:34.0081 1804	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:58:34.0092 1804	vmbus - ok
19:58:34.0103 1804	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:58:34.0140 1804	VMBusHID - ok
19:58:34.0182 1804	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:58:34.0191 1804	volmgr - ok
19:58:34.0233 1804	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:58:34.0246 1804	volmgrx - ok
19:58:34.0285 1804	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:58:34.0297 1804	volsnap - ok
19:58:34.0354 1804	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:58:34.0364 1804	vsmraid - ok
19:58:34.0481 1804	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:58:34.0551 1804	VSS - ok
19:58:34.0703 1804	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:58:34.0736 1804	vwifibus - ok
19:58:34.0774 1804	vwififlt        (13a0decd1794de60a8427862c8669d27) C:\Windows\system32\DRIVERS\vwififlt.sys
19:58:34.0805 1804	vwififlt - ok
19:58:34.0845 1804	vwifimp         (49003b357d101cdc474937437ecf5abc) C:\Windows\system32\DRIVERS\vwifimp.sys
19:58:34.0874 1804	vwifimp - ok
19:58:34.0943 1804	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:58:34.0973 1804	W32Time - ok
19:58:35.0005 1804	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:58:35.0015 1804	WacomPen - ok
19:58:35.0067 1804	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:35.0116 1804	WANARP - ok
19:58:35.0139 1804	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:58:35.0163 1804	Wanarpv6 - ok
19:58:35.0267 1804	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:58:35.0293 1804	WatAdminSvc - ok
19:58:35.0381 1804	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:58:35.0431 1804	wbengine - ok
19:58:35.0553 1804	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:58:35.0570 1804	WbioSrvc - ok
19:58:35.0623 1804	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:58:35.0662 1804	wcncsvc - ok
19:58:35.0693 1804	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:58:35.0705 1804	WcsPlugInService - ok
19:58:35.0761 1804	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:58:35.0769 1804	Wd - ok
19:58:35.0839 1804	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:58:35.0856 1804	Wdf01000 - ok
19:58:35.0870 1804	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:58:35.0912 1804	WdiServiceHost - ok
19:58:35.0914 1804	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:58:35.0929 1804	WdiSystemHost - ok
19:58:35.0987 1804	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:58:36.0022 1804	WebClient - ok
19:58:36.0070 1804	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:58:36.0125 1804	Wecsvc - ok
19:58:36.0157 1804	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:58:36.0200 1804	wercplsupport - ok
19:58:36.0240 1804	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:58:36.0266 1804	WerSvc - ok
19:58:36.0307 1804	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:58:36.0348 1804	WfpLwf - ok
19:58:36.0409 1804	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:58:36.0420 1804	WimFltr - ok
19:58:36.0450 1804	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:58:36.0459 1804	WIMMount - ok
19:58:36.0492 1804	WinDefend - ok
19:58:36.0497 1804	WinHttpAutoProxySvc - ok
19:58:36.0565 1804	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:58:36.0618 1804	Winmgmt - ok
19:58:36.0744 1804	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:58:36.0814 1804	WinRM - ok
19:58:36.0969 1804	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:58:36.0981 1804	WinUsb - ok
19:58:37.0050 1804	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:58:37.0074 1804	Wlansvc - ok
19:58:37.0099 1804	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:58:37.0128 1804	WmiAcpi - ok
19:58:37.0216 1804	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:58:37.0248 1804	wmiApSrv - ok
19:58:37.0296 1804	WMPNetworkSvc - ok
19:58:37.0332 1804	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:58:37.0344 1804	WPCSvc - ok
19:58:37.0381 1804	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:58:37.0395 1804	WPDBusEnum - ok
19:58:37.0420 1804	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:58:37.0443 1804	ws2ifsl - ok
19:58:37.0468 1804	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:58:37.0501 1804	wscsvc - ok
19:58:37.0503 1804	WSearch - ok
19:58:37.0642 1804	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:58:37.0685 1804	wuauserv - ok
19:58:37.0814 1804	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:58:37.0860 1804	WudfPf - ok
19:58:37.0922 1804	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:37.0970 1804	WUDFRd - ok
19:58:38.0007 1804	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:58:38.0032 1804	wudfsvc - ok
19:58:38.0072 1804	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:58:38.0111 1804	WwanSvc - ok
19:58:38.0242 1804	YahooAUService  (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:58:38.0254 1804	YahooAUService - ok
19:58:38.0308 1804	ZAtheros Bt&Wlan Coex Agent (d83c2ff7ea53e66b8ea7901d710494ea) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
19:58:38.0315 1804	ZAtheros Bt&Wlan Coex Agent - ok
19:58:38.0338 1804	ZTEusbmdm6k - ok
19:58:38.0349 1804	ZTEusbnmea - ok
19:58:38.0357 1804	ZTEusbser6k - ok
19:58:38.0364 1804	ZTEusbvoice - ok
19:58:38.0416 1804	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:58:38.0851 1804	\Device\Harddisk0\DR0 - ok
19:58:38.0853 1804	Boot (0x1200)   (3034b1071791cdcc21bfe4ae520119ac) \Device\Harddisk0\DR0\Partition0
19:58:38.0854 1804	\Device\Harddisk0\DR0\Partition0 - ok
19:58:38.0886 1804	Boot (0x1200)   (ea4b63ad979a12b43fbee8b51904285f) \Device\Harddisk0\DR0\Partition1
19:58:38.0887 1804	\Device\Harddisk0\DR0\Partition1 - ok
19:58:38.0908 1804	Boot (0x1200)   (37e55d5bbe5ff2000f7cddf731d7ae21) \Device\Harddisk0\DR0\Partition2
19:58:38.0910 1804	\Device\Harddisk0\DR0\Partition2 - ok
19:58:38.0910 1804	============================================================
19:58:38.0910 1804	Scan finished
19:58:38.0910 1804	============================================================
19:58:38.0916 5248	Detected object count: 4
19:58:38.0916 5248	Actual detected object count: 4
19:59:03.0013 5248	AIPS ( UnsignedFile.Multi.Generic ) - skipped by user
19:59:03.0013 5248	AIPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:59:03.0013 5248	Connectify ( UnsignedFile.Multi.Generic ) - skipped by user
19:59:03.0013 5248	Connectify ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:59:03.0014 5248	NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
19:59:03.0014 5248	NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:59:03.0014 5248	Themes ( UnsignedFile.Multi.Generic ) - skipped by user
19:59:03.0014 5248	Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#4
rhomel

  • Topic Starter
  • Member
  • 90 posts
only OTL.txt w/o Extras.txt



OTL logfile created on: 8/12/2012 8:03:37 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Rhomel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.17% Memory free
7.78 Gb Paging File | 6.16 Gb Available in Paging File | 79.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 405.67 Gb Total Space | 349.25 Gb Free Space | 86.09% Space Free | Partition Type: NTFS
Drive D: | 292.87 Gb Total Space | 235.77 Gb Free Space | 80.50% Space Free | Partition Type: NTFS

Computer Name: RHOMEL-PC | User Name: Rhomel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rhomel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Connectify\Connectifyd.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\USB Disk Security\USBGuard.exe (AbeGunnerZ Lab)
PRC - C:\Program Files (x86)\netcut\services\aips.exe (Arcai.com)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (NitroDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (gogoc) -- C:\Program Files\gogo6\gogoCLIENT\gogoc.exe (gogo6, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (AIPS) -- C:\Program Files (x86)\netcut\services\aips.exe (Arcai.com)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (NILM License Manager) -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (cnnctfy2) -- C:\Windows\SysNative\drivers\cnnctfy2.sys (Connectify)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (ssudserd) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\drivers\RtsBaStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AsusVBus) -- C:\Windows\SysNative\drivers\AsusVBus.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AsusVTouch) -- C:\Windows\SysNative\drivers\AsusVTouch.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (gogoTunnelDevice) -- C:\Windows\SysNative\drivers\gogotun.sys (gogo6 Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-269433224-411305373-2250994567-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00094dbc9ab1f0d
IE - HKU\S-1-5-21-269433224-411305373-2250994567-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-269433224-411305373-2250994567-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-269433224-411305373-2250994567-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00094dbc9ab1f0d
IE - HKU\S-1-5-21-269433224-411305373-2250994567-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-07-07 20:58:41&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-269433224-411305373-2250994567-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKU\S-1-5-21-269433224-411305373-2250994567-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-269433224-411305373-2250994567-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...m.ph/search?q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://www.google.co...m.ph/search?q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Rhomel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rhomel\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rhomel\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/08 18:27:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 17:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/18 20:41:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Rhomel\AppData\Roaming\IDM\idmmzcc5 [2012/08/11 20:24:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Rhomel\AppData\Roaming\IDM\idmmzcc5 [2012/08/11 20:24:07 | 000,000,000 | ---D | M]

[2012/06/28 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rhomel\AppData\Roaming\Mozilla\Extensions
[2012/08/10 18:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rhomel\AppData\Roaming\Mozilla\Firefox\Profiles\a1fd0z6f.default\extensions
[2012/07/17 16:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/17 16:37:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/08 18:27:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/08/11 20:24:07 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\RHOMEL\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/07/19 17:24:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2010/05/25 12:43:16 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2012/06/23 18:20:16 | 000,033,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012/07/07 20:58:34 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/10 17:26:42 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/07/19 17:24:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/19 17:24:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: National Instruments LabVIEW 8.6 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Rhomel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Bcool = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmjkkjndoaafncpbmlifpeabbapkfom\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Skype Click to Call = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.5.3_0\

O1 HOSTS File: ([2012/07/21 22:29:03 | 000,000,865 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 updates.connectify.me
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe (AbeGunnerZ Lab)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-269433224-411305373-2250994567-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-269433224-411305373-2250994567-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-269433224-411305373-2250994567-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-269433224-411305373-2250994567-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{212C1621-DD63-4548-A3DB-6CCE1E4C8CE5}: NameServer = 192.168.31.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F5612C4-53DA-48D5-8000-D4F4661D4DC4}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E156B9CC-8764-4C61-80EF-0B9709EFD6CE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F721C091-B959-4759-AB9C-32F30D02584B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-269433224-411305373-2250994567-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bbff264-c150-11e1-8d7d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbff264-c150-11e1-8d7d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe
O33 - MountPoints2\{81dd5171-c6ca-11e1-8e2c-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{81dd5171-c6ca-11e1-8e2c-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bdd3b8a3-db5d-11e1-a988-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd3b8a3-db5d-11e1-a988-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c977f6b5-c2ef-11e1-b6d0-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{c977f6b5-c2ef-11e1-b6d0-94dbc9ab461d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c977f6d9-c2ef-11e1-b6d0-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{c977f6d9-c2ef-11e1-b6d0-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dd93d89f-d5bb-11e1-becd-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{dd93d89f-d5bb-11e1-becd-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{e77a9629-e4bd-11e1-8dae-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{e77a9629-e4bd-11e1-8dae-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e77a9644-e4bd-11e1-8dae-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{e77a9644-e4bd-11e1-8dae-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ea93573f-d66f-11e1-9422-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{ea93573f-d66f-11e1-9422-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 20:00:28 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Rhomel\Desktop\OTL.exe
[2012/08/12 19:57:25 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rhomel\Desktop\tdsskiller_2.exe
[2012/08/12 13:49:04 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2012/08/11 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\IDM
[2012/08/11 20:22:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/11 18:30:08 | 000,000,000 | R--D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/08/10 19:53:52 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/10 19:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/10 19:18:28 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/10 17:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/08/10 17:26:06 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Babylon
[2012/08/10 17:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/08/10 17:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\OptimizerPro1
[2012/08/10 17:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Bcool
[2012/08/09 03:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2012/08/09 03:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2012/08/09 03:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2012/08/09 03:06:38 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\My ISO Files
[2012/08/09 02:45:29 | 000,158,944 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/08/09 01:39:03 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\WinPatrol
[2012/08/09 01:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/08/07 11:52:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSIP
[2012/08/04 20:58:04 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/08/02 07:26:12 | 000,000,000 | R--D | C] -- C:\Users\Rhomel\Documents\Notes
[2012/07/31 16:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/07/31 16:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/07/31 16:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
[2012/07/31 16:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\netcut
[2012/07/31 06:51:03 | 000,035,680 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012/07/31 06:51:03 | 000,029,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012/07/30 22:56:30 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\HonLauncher
[2012/07/30 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Chromium
[2012/07/30 20:55:07 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\Heroes of Newerth (Garena)
[2012/07/30 20:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GarenaHoN
[2012/07/30 19:01:07 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Garena
[2012/07/29 20:50:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/29 18:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gogo6
[2012/07/29 18:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\gogo6
[2012/07/29 15:26:10 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\com.prezi.PreziDesktop
[2012/07/27 00:50:18 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canopy
[2012/07/27 00:50:10 | 000,000,000 | ---D | C] -- C:\Canopy
[2012/07/27 00:50:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2012/07/27 00:49:53 | 000,000,000 | -H-D | C] -- C:\Users\Rhomel\InstallAnywhere
[2012/07/25 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/07/25 19:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/07/25 08:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sun Broadband Wireless
[2012/07/24 16:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disktrix
[2012/07/24 16:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disktrix
[2012/07/24 11:42:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2012/07/23 23:12:40 | 000,000,000 | ---D | C] -- C:\Temp
[2012/07/23 23:06:08 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudserd.sys
[2012/07/23 23:06:08 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/07/23 23:06:08 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/07/23 22:51:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/23 22:49:08 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Samsung
[2012/07/23 22:48:58 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Samsung
[2012/07/23 22:48:55 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\samsung
[2012/07/23 22:47:29 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012/07/23 22:47:29 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/07/23 22:47:28 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012/07/23 22:47:28 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012/07/23 22:47:28 | 000,146,920 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadserd.sys
[2012/07/23 22:47:28 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012/07/23 22:47:28 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012/07/23 22:47:28 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/07/23 22:46:52 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2012/07/23 22:46:52 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2012/07/23 22:46:52 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2012/07/23 22:46:52 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2012/07/23 22:46:52 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2012/07/23 22:46:52 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2012/07/23 22:46:52 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2012/07/23 22:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/07/23 22:45:42 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/07/23 22:45:28 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012/07/23 22:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/07/23 22:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/07/23 22:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/07/23 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Downloaded Installations
[2012/07/22 00:30:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/22 00:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012/07/22 00:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012/07/22 00:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2012/07/21 23:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UX Pack
[2012/07/21 23:32:22 | 000,000,000 | ---D | C] -- C:\UXFiles
[2012/07/21 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\SkinSoft
[2012/07/21 01:02:03 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012/07/20 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Unified Remote
[2012/07/20 18:57:37 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unified Remote
[2012/07/20 18:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unified Remote
[2012/07/20 18:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/07/20 18:38:42 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2012/07/20 18:38:42 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012/07/20 18:38:42 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012/07/20 18:38:42 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012/07/20 18:38:39 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll
[2012/07/20 18:38:30 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2012/07/19 23:52:34 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/07/19 23:52:34 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/07/19 23:52:34 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/07/19 23:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/07/19 23:52:11 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\TuneUp Software
[2012/07/19 23:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/07/19 23:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/07/19 23:51:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/07/19 17:08:15 | 010,235,904 | ---- | C] (AutoDWG) -- C:\Windows\SysWow64\PDF2DWG.dll
[2012/07/19 17:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoDWG
[2012/07/19 17:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoDWG
[2012/07/19 00:03:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Shared Memory
[2012/07/18 22:52:32 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\[email protected]
[2012/07/18 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2012/07/18 20:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/07/18 20:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/07/18 20:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/07/18 00:09:36 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/18 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/07/17 22:24:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2012/07/17 22:24:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2012/07/17 21:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/07/17 21:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/17 21:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/07/17 19:11:31 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Temp
[2012/07/17 17:51:02 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\ParetoLogic
[2012/07/17 17:51:02 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\DriverCure
[2012/07/17 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2012/07/17 17:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/07/17 17:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/07/17 17:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2012/07/17 17:20:24 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Malwarebytes
[2012/07/17 17:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/17 17:20:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/17 17:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/17 17:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Skype
[2012/07/17 16:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/07/17 16:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/07/17 16:35:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/07/17 16:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/07/15 16:57:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2012/07/15 12:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skin Pack
[2012/07/15 12:42:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MetroClock
[2012/07/15 12:13:31 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Diagnostics
[2012/07/15 12:05:34 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Labcenter Electronics
[2012/07/15 12:05:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Data Sheets
[2012/07/15 05:35:44 | 001,048,576 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL
[2012/07/15 05:35:44 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL
[2012/07/15 05:35:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Labcenter Electronics
[2012/07/15 03:04:45 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\PTC
[2012/07/15 03:04:42 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Mathsoft
[2012/07/15 03:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PTC
[2012/07/15 03:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PTC
[2012/07/15 03:00:22 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Mathsoft
[2012/07/15 02:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mathcad
[2012/07/15 02:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSXML 4.0
[2012/07/15 02:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/07/15 00:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/07/15 00:49:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/07/15 00:49:09 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/07/15 00:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series
[2012/07/15 00:48:47 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/07/15 00:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DipTrace
[2012/07/15 00:41:22 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\DipTrace
[2012/07/15 00:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DipTrace
[2012/07/15 00:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DipTrace
[2012/07/14 22:51:29 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\ShamurShamur

========== Files - Modified Within 30 Days ==========

[2012/08/12 20:00:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rhomel\Desktop\OTL.exe
[2012/08/12 19:57:25 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rhomel\Desktop\tdsskiller_2.exe
[2012/08/12 19:50:49 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 19:50:48 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 19:50:36 | 000,197,262 | ---- | M] () -- C:\Users\Rhomel\Desktop\dasd.png
[2012/08/12 19:42:55 | 000,000,380 | ---- | M] () -- C:\Users\Rhomel\AppData\Roaming\sp_data.sys
[2012/08/12 19:42:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 19:42:04 | 3131,490,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/08/12 17:23:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000UA.job
[2012/08/12 14:56:55 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/12 14:56:55 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/12 14:56:55 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/11 20:22:00 | 001,403,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/11 15:09:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 23:40:14 | 000,000,802 | ---- | M] () -- C:\0
[2012/08/10 23:23:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000Core.job
[2012/08/10 17:27:20 | 000,000,315 | ---- | M] () -- C:\user.js
[2012/08/09 09:15:10 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/08/09 09:15:10 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/08/09 03:19:38 | 000,002,408 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/08/04 20:58:04 | 000,000,219 | ---- | M] () -- C:\Users\Rhomel\Desktop\Dota 2.url
[2012/08/04 13:17:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 17:23:14 | 000,158,944 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/08/01 05:27:07 | 000,002,162 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/07/31 17:15:00 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/31 16:46:30 | 000,704,512 | ---- | M] () -- C:\Windows\is-RODFQ.exe
[2012/07/31 16:46:30 | 000,010,498 | ---- | M] () -- C:\Windows\is-RODFQ.msg
[2012/07/31 16:46:30 | 000,001,003 | ---- | M] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Arcai.com's NetCut.lnk
[2012/07/31 16:46:30 | 000,000,213 | ---- | M] () -- C:\Windows\is-RODFQ.lst
[2012/07/30 20:52:24 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Newerth.lnk
[2012/07/28 06:27:50 | 000,028,786 | ---- | M] () -- C:\Users\Rhomel\Documents\Drawing1_recover000.dwg
[2012/07/28 06:15:53 | 000,819,727 | ---- | M] () -- C:\Users\Rhomel\Documents\Drawing1_recover.dwg
[2012/07/27 23:26:06 | 000,000,202 | -H-- | M] () -- C:\Users\Rhomel\Documents\Drawing1.dwl2
[2012/07/27 23:26:06 | 000,000,052 | -H-- | M] () -- C:\Users\Rhomel\Documents\Drawing1.dwl
[2012/07/27 00:50:18 | 000,001,659 | ---- | M] () -- C:\Users\Rhomel\Desktop\Network Updater.lnk
[2012/07/27 00:31:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/23 23:11:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/07/23 22:57:03 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/23 22:48:45 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/07/23 22:45:47 | 000,001,977 | ---- | M] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/07/22 01:32:54 | 000,000,180 | ---- | M] () -- C:\Windows\dotahotkeys.ini
[2012/07/21 23:32:45 | 006,912,054 | ---- | M] () -- C:\Windows\clwcp.bmp
[2012/07/21 22:29:03 | 000,000,865 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/21 22:14:22 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/07/20 18:39:31 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08b.dat
[2012/07/20 18:39:28 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/07/20 18:39:28 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012/07/19 23:52:19 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/19 23:52:19 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/07/18 22:36:50 | 000,002,681 | ---- | M] () -- C:\Users\Rhomel\Desktop\AutoCAD 2013 - English.lnk
[2012/07/18 21:10:45 | 000,002,937 | ---- | M] () -- C:\Users\Rhomel\Desktop\PowerPoint 2013.lnk
[2012/07/18 21:10:41 | 000,003,021 | ---- | M] () -- C:\Users\Rhomel\Desktop\Word 2013.lnk
[2012/07/17 20:52:39 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2012/07/17 19:29:52 | 000,000,105 | ---- | M] () -- C:\Windows\SysNative\FastBoot.ini
[2012/07/17 19:27:05 | 000,002,408 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Imperial).lnk
[2012/07/17 19:27:05 | 000,002,404 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Metric).lnk
[2012/07/17 19:27:05 | 000,002,398 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (Global).lnk
[2012/07/17 17:50:56 | 000,001,182 | ---- | M] () -- C:\Users\Rhomel\Desktop\RegCure Pro.lnk
[2012/07/16 00:51:09 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012/07/15 02:59:10 | 000,002,050 | ---- | M] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mathcad 15.lnk
[2012/07/15 02:59:10 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Mathcad 15.lnk

========== Files Created - No Company Name ==========

[2012/08/12 19:50:36 | 000,197,262 | ---- | C] () -- C:\Users\Rhomel\Desktop\dasd.png
[2012/08/11 20:22:00 | 001,403,864 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/11 17:40:44 | 000,000,470 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/08/11 15:09:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 19:13:57 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000UA.job
[2012/08/10 19:13:56 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000Core.job
[2012/08/10 17:27:20 | 000,000,315 | ---- | C] () -- C:\user.js
[2012/08/07 17:18:40 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/08/04 20:58:04 | 000,000,219 | ---- | C] () -- C:\Users\Rhomel\Desktop\Dota 2.url
[2012/07/31 16:46:30 | 000,704,512 | ---- | C] () -- C:\Windows\is-RODFQ.exe
[2012/07/31 16:46:30 | 000,010,498 | ---- | C] () -- C:\Windows\is-RODFQ.msg
[2012/07/31 16:46:30 | 000,001,003 | ---- | C] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Arcai.com's NetCut.lnk
[2012/07/31 16:46:30 | 000,000,213 | ---- | C] () -- C:\Windows\is-RODFQ.lst
[2012/07/31 16:46:29 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2012/07/30 20:52:24 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Newerth.lnk
[2012/07/28 06:27:50 | 000,028,786 | ---- | C] () -- C:\Users\Rhomel\Documents\Drawing1_recover000.dwg
[2012/07/28 06:15:53 | 000,819,727 | ---- | C] () -- C:\Users\Rhomel\Documents\Drawing1_recover.dwg
[2012/07/27 23:26:06 | 000,000,202 | -H-- | C] () -- C:\Users\Rhomel\Documents\Drawing1.dwl2
[2012/07/27 23:26:06 | 000,000,052 | -H-- | C] () -- C:\Users\Rhomel\Documents\Drawing1.dwl
[2012/07/27 00:50:18 | 000,001,659 | ---- | C] () -- C:\Users\Rhomel\Desktop\Network Updater.lnk
[2012/07/23 23:11:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/07/23 22:48:45 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/07/23 22:45:47 | 000,001,977 | ---- | C] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/07/22 01:32:54 | 000,000,180 | ---- | C] () -- C:\Windows\dotahotkeys.ini
[2012/07/21 23:32:45 | 006,912,054 | ---- | C] () -- C:\Windows\clwcp.bmp
[2012/07/21 23:32:26 | 000,517,120 | ---- | C] () -- C:\Windows\SysWow64\CLWCP.exe
[2012/07/21 23:32:25 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012/07/19 23:52:19 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/19 23:52:19 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/07/19 23:52:19 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/07/19 17:08:14 | 000,925,696 | ---- | C] () -- C:\Windows\SysWow64\AxEImage.dll
[2012/07/19 17:08:14 | 000,663,552 | ---- | C] () -- C:\Windows\SysWow64\FreeImage.dll
[2012/07/18 22:36:50 | 000,002,681 | ---- | C] () -- C:\Users\Rhomel\Desktop\AutoCAD 2013 - English.lnk
[2012/07/18 21:10:45 | 000,002,937 | ---- | C] () -- C:\Users\Rhomel\Desktop\PowerPoint 2013.lnk
[2012/07/18 21:10:41 | 000,003,021 | ---- | C] () -- C:\Users\Rhomel\Desktop\Word 2013.lnk
[2012/07/17 21:58:51 | 002,587,633 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/07/17 21:57:00 | 000,012,780 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/07/17 21:45:13 | 000,000,380 | ---- | C] () -- C:\Users\Rhomel\AppData\Roaming\sp_data.sys
[2012/07/17 19:27:05 | 000,002,408 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Imperial).lnk
[2012/07/17 19:27:05 | 000,002,404 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Metric).lnk
[2012/07/17 19:27:05 | 000,002,398 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (Global).lnk
[2012/07/17 17:50:56 | 000,001,182 | ---- | C] () -- C:\Users\Rhomel\Desktop\RegCure Pro.lnk
[2012/07/17 17:50:56 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/07/17 17:50:53 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\RegCure Pro.job
[2012/07/16 00:48:04 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012/07/15 02:59:10 | 000,002,050 | ---- | C] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mathcad 15.lnk
[2012/07/15 02:59:10 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Mathcad 15.lnk
[2012/07/12 00:17:45 | 000,045,270 | ---- | C] () -- C:\Users\Rhomel\AppData\Roaming\room_v3.dat
[2012/07/08 23:03:10 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/07/08 23:03:10 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/06/28 13:24:48 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/28 11:50:39 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/06/28 11:50:39 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/06/28 11:50:39 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/06/28 11:50:39 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== LOP Check ==========

[2012/06/30 00:21:09 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\(F8-D0-BD-3B-A0-6D)
[2012/07/07 08:18:37 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Autodesk
[2012/08/10 17:26:06 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Babylon
[2012/07/18 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/29 15:26:10 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\com.prezi.PreziDesktop
[2012/07/15 04:28:54 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\DAEMON Tools Pro
[2012/08/12 19:54:57 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\DMCache
[2012/07/04 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Downloaded Installations
[2012/07/17 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\DriverCure
[2012/08/03 23:28:44 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\GarenaPlus
[2012/08/12 14:46:35 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\IDM
[2012/07/08 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\ImgBurn
[2012/07/15 03:00:22 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Mathsoft
[2012/07/06 15:21:15 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\National Instruments
[2012/08/02 04:02:47 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Nitro PDF
[2012/08/11 18:48:42 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Notepad++
[2012/07/17 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\ParetoLogic
[2012/07/15 03:04:45 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\PTC
[2012/07/23 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Samsung
[2012/08/11 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\TeraCopy
[2012/07/31 06:49:45 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\TuneUp Software
[2012/07/20 18:57:56 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Unified Remote
[2012/08/11 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\uTorrent
[2012/08/09 01:43:25 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\WinPatrol
[2012/07/04 22:23:54 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Zbshareware Lab
[2012/07/05 13:02:47 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000Core.job
[2012/07/05 13:02:47 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000UA.job
[2012/06/29 03:54:32 | 000,000,828 | ---- | M] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012/06/29 03:54:32 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012/08/12 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012/08/09 09:15:10 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
[2012/08/09 09:15:10 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012/07/17 20:52:39 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\RegCure Pro.job
[2012/07/20 19:23:46 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >

#5
rhomel

My laptop was slow to boot at start-up of my Windows 7.

#6
Gammo

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-269433224-411305373-2250994567-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00094dbc9ab1f0d
    IE - HKU\S-1-5-21-269433224-411305373-2250994567-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00094dbc9ab1f0d
    [2012/08/10 17:26:42 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O20 - HKU\S-1-5-21-269433224-411305373-2250994567-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    [2012/08/10 17:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2012/08/10 17:26:06 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Babylon
    [2012/08/10 17:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/08/10 17:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\OptimizerPro1
    [2012/08/10 17:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Bcool
    [2012/06/30 00:21:09 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\(F8-D0-BD-3B-A0-6D)
    [2012/08/10 17:26:06 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Babylon
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmjkkjndoaafncpbmlifpeabbapkfom
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



May I ask why you think you're infected? What symptoms are you experiencing? The title of this topic says you have many SVCHOST.exe processes - is that the only thing that makes you suspicious?

#7
rhomel

I experience that my laptop is slow at start-up and there are so many svhost.exe. Sometimes some of my applications will have errors.

Sorry for my understanding.



All processes killed
========== OTL ==========
HKU\S-1-5-21-269433224-411305373-2250994567-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-269433224-411305373-2250994567-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-269433224-411305373-2250994567-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:explorer.exe deleted successfully.
File move failed. C:\Windows\SysWOW64\explorer.exe scheduled to be moved on reboot.
C:\ProgramData\Premium\Setup folder moved successfully.
C:\ProgramData\Premium folder moved successfully.
C:\Users\Rhomel\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\ProgramData\OptimizerPro1 folder moved successfully.
C:\ProgramData\Bcool folder moved successfully.
C:\Users\Rhomel\AppData\Roaming\(F8-D0-BD-3B-A0-6D)\telecom folder moved successfully.
C:\Users\Rhomel\AppData\Roaming\(F8-D0-BD-3B-A0-6D)\SIM1\telecom folder moved successfully.
C:\Users\Rhomel\AppData\Roaming\(F8-D0-BD-3B-A0-6D)\SIM1 folder moved successfully.
C:\Users\Rhomel\AppData\Roaming\(F8-D0-BD-3B-A0-6D) folder moved successfully.
Folder C:\Users\Rhomel\AppData\Roaming\Babylon\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rhomel\Desktop\cmd.bat deleted successfully.
C:\Users\Rhomel\Desktop\cmd.txt deleted successfully.
C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmjkkjndoaafncpbmlifpeabbapkfom\1.0_0 folder moved successfully.
C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpmjkkjndoaafncpbmlifpeabbapkfom folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rhomel
->Temp folder emptied: 4052 bytes
->Temporary Internet Files folder emptied: 8870247 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5868493 bytes
->Google Chrome cache emptied: 177140531 bytes
->Flash cache emptied: 2796 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29699 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 183.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Rhomel
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08142012_173139

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\explorer.exe scheduled to be moved on reboot.
C:\Users\Rhomel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe : MD5=8B88EBBB05A0E56B7DCC708498C02B3E
File C:\Users\Rhomel\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Edited by rhomel, 14 August 2012 - 03:29 AM.


#8
Gammo

Multiple SVCHOST.exe processes aren't necessarily a bad thing. I've got 11 of them running on my own PC.



Please run OTL and do a new Quick Scan with it. Post the resulting log file in your next reply.

#9
rhomel

This is my OTL log:


OTL logfile created on: 8/14/2012 10:54:35 PM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Rhomel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 39.99% Memory free
7.78 Gb Paging File | 5.26 Gb Available in Paging File | 67.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 405.67 Gb Total Space | 347.36 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
Drive D: | 292.87 Gb Total Space | 245.28 Gb Free Space | 83.75% Space Free | Partition Type: NTFS

Computer Name: RHOMEL-PC | User Name: Rhomel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rhomel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\USB Disk Security\USBGuard.exe (Zbshareware Lab)
PRC - C:\Program Files (x86)\Connectify\Connectifyd.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\netcut\services\aips.exe (Arcai.com)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\pdf.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\libglesv2.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\libegl.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\avutil-51.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\avformat-54.dll ()
MOD - C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (NitroDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (AIPS) -- C:\Program Files (x86)\netcut\services\aips.exe (Arcai.com)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (NILM License Manager) -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (cnnctfy2) -- C:\Windows\SysNative\drivers\cnnctfy2.sys (Connectify)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (ssudserd) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\drivers\RtsBaStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AsusVBus) -- C:\Windows\SysNative\drivers\AsusVBus.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AsusVTouch) -- C:\Windows\SysNative\drivers\AsusVTouch.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (gogoTunnelDevice) -- C:\Windows\SysNative\drivers\gogotun.sys (gogo6 Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-07-07 20:58:41&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...m.ph/search?q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://www.google.co...m.ph/search?q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Rhomel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rhomel\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rhomel\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 17:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/18 20:41:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Rhomel\AppData\Roaming\IDM\idmmzcc5 [2012/08/11 20:24:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Rhomel\AppData\Roaming\IDM\idmmzcc5 [2012/08/11 20:24:07 | 000,000,000 | ---D | M]

[2012/06/28 12:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rhomel\AppData\Roaming\Mozilla\Extensions
[2012/08/14 19:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rhomel\AppData\Roaming\Mozilla\Firefox\Profiles\a1fd0z6f.default\extensions
[2012/07/17 16:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/17 16:37:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/11 20:24:07 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\RHOMEL\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/07/19 17:24:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2010/05/25 12:43:16 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2012/06/23 18:20:16 | 000,033,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012/07/07 20:58:34 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/19 17:24:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/19 17:24:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\21.0.1180.77\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: National Instruments LabVIEW 8.6 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Rhomel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rhomel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Web Navigation = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\
CHR - Extension: Web Navigation = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_0\.bak
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Rhomel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.5.3_0\

O1 HOSTS File: ([2012/08/14 17:31:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{212C1621-DD63-4548-A3DB-6CCE1E4C8CE5}: NameServer = 192.168.31.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E156B9CC-8764-4C61-80EF-0B9709EFD6CE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F721C091-B959-4759-AB9C-32F30D02584B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bbff264-c150-11e1-8d7d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbff264-c150-11e1-8d7d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe
O33 - MountPoints2\{81dd5171-c6ca-11e1-8e2c-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{81dd5171-c6ca-11e1-8e2c-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bdd3b8a3-db5d-11e1-a988-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd3b8a3-db5d-11e1-a988-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c977f6b5-c2ef-11e1-b6d0-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{c977f6b5-c2ef-11e1-b6d0-94dbc9ab461d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c977f6d9-c2ef-11e1-b6d0-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{c977f6d9-c2ef-11e1-b6d0-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dd93d89f-d5bb-11e1-becd-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{dd93d89f-d5bb-11e1-becd-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{e77a9629-e4bd-11e1-8dae-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{e77a9629-e4bd-11e1-8dae-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e77a9644-e4bd-11e1-8dae-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{e77a9644-e4bd-11e1-8dae-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ea93573f-d66f-11e1-9422-94dbc9ab461d}\Shell - "" = AutoRun
O33 - MountPoints2\{ea93573f-d66f-11e1-9422-94dbc9ab461d}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 17:31:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/14 17:30:48 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Rhomel\Desktop\OTL.exe
[2012/08/13 22:34:57 | 000,000,000 | R--D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/08/13 03:06:17 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Rhomel\Desktop\TFC.exe
[2012/08/13 02:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/13 02:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/12 21:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/12 13:49:04 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2012/08/11 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\IDM
[2012/08/11 20:22:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/10 19:53:52 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/10 19:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/10 19:18:28 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/09 03:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2012/08/09 03:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2012/08/09 03:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2012/08/09 03:06:38 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\My ISO Files
[2012/08/09 02:45:29 | 000,158,944 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/08/09 01:39:03 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\WinPatrol
[2012/08/09 01:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/08/07 11:52:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSIP
[2012/08/04 20:58:04 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/08/02 07:26:12 | 000,000,000 | R--D | C] -- C:\Users\Rhomel\Documents\Notes
[2012/07/31 16:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/07/31 16:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/07/31 16:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
[2012/07/31 16:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\netcut
[2012/07/31 06:51:03 | 000,035,680 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012/07/31 06:51:03 | 000,029,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012/07/30 22:56:30 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\HonLauncher
[2012/07/30 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Chromium
[2012/07/30 20:55:07 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\Heroes of Newerth (Garena)
[2012/07/30 20:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GarenaHoN
[2012/07/30 19:01:07 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Garena
[2012/07/29 20:50:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/29 18:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gogo6
[2012/07/29 18:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\gogo6
[2012/07/29 15:26:10 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\com.prezi.PreziDesktop
[2012/07/27 00:50:18 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canopy
[2012/07/27 00:50:10 | 000,000,000 | ---D | C] -- C:\Canopy
[2012/07/27 00:50:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2012/07/27 00:49:53 | 000,000,000 | -H-D | C] -- C:\Users\Rhomel\InstallAnywhere
[2012/07/25 19:16:43 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/07/25 19:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/07/25 08:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sun Broadband Wireless
[2012/07/24 16:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disktrix
[2012/07/24 16:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disktrix
[2012/07/24 11:42:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2012/07/23 23:12:40 | 000,000,000 | ---D | C] -- C:\Temp
[2012/07/23 23:06:08 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudserd.sys
[2012/07/23 23:06:08 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/07/23 23:06:08 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/07/23 22:51:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/23 22:49:08 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Samsung
[2012/07/23 22:48:58 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Samsung
[2012/07/23 22:48:55 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\Documents\samsung
[2012/07/23 22:47:29 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012/07/23 22:47:29 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/07/23 22:47:28 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012/07/23 22:47:28 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012/07/23 22:47:28 | 000,146,920 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadserd.sys
[2012/07/23 22:47:28 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012/07/23 22:47:28 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012/07/23 22:47:28 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/07/23 22:46:52 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2012/07/23 22:46:52 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2012/07/23 22:46:52 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2012/07/23 22:46:52 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2012/07/23 22:46:52 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2012/07/23 22:46:52 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2012/07/23 22:46:52 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2012/07/23 22:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/07/23 22:45:42 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/07/23 22:45:28 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012/07/23 22:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/07/23 22:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/07/23 22:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/07/23 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Downloaded Installations
[2012/07/22 00:30:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/22 00:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012/07/22 00:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012/07/22 00:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2012/07/21 23:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UX Pack
[2012/07/21 23:32:22 | 000,000,000 | ---D | C] -- C:\UXFiles
[2012/07/21 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\SkinSoft
[2012/07/21 01:02:03 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012/07/20 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Unified Remote
[2012/07/20 18:57:37 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unified Remote
[2012/07/20 18:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unified Remote
[2012/07/20 18:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/07/20 18:38:42 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2012/07/20 18:38:42 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012/07/20 18:38:42 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012/07/20 18:38:42 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012/07/20 18:38:39 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll
[2012/07/20 18:38:30 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2012/07/19 23:52:34 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/07/19 23:52:34 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/07/19 23:52:34 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/07/19 23:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/07/19 23:52:11 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\TuneUp Software
[2012/07/19 23:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/07/19 23:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/07/19 23:51:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/07/19 17:08:15 | 010,235,904 | ---- | C] (AutoDWG) -- C:\Windows\SysWow64\PDF2DWG.dll
[2012/07/19 17:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoDWG
[2012/07/19 17:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoDWG
[2012/07/19 00:03:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Shared Memory
[2012/07/18 22:52:32 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\[email protected]
[2012/07/18 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2012/07/18 20:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/07/18 20:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/07/18 20:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/07/18 00:09:36 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/18 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/07/17 22:24:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2012/07/17 22:24:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2012/07/17 21:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/07/17 21:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/17 21:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/07/17 19:11:31 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Local\Temp
[2012/07/17 17:51:02 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\ParetoLogic
[2012/07/17 17:51:02 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\DriverCure
[2012/07/17 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2012/07/17 17:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/07/17 17:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/07/17 17:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2012/07/17 17:20:24 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Malwarebytes
[2012/07/17 17:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/17 17:20:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/17 17:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/17 17:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\Rhomel\AppData\Roaming\Skype
[2012/07/17 16:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/07/17 16:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/07/17 16:35:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/07/17 16:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2012/08/14 22:23:21 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000UA.job
[2012/08/14 20:05:11 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 20:05:11 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 20:02:55 | 000,782,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/14 20:02:55 | 000,662,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/14 20:02:55 | 000,122,242 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/14 19:58:06 | 000,000,380 | ---- | M] () -- C:\Users\Rhomel\AppData\Roaming\sp_data.sys
[2012/08/14 19:56:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 19:56:38 | 001,403,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 19:56:29 | 3131,490,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/08/14 17:31:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/14 17:30:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rhomel\Desktop\OTL.exe
[2012/08/13 23:23:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000Core.job
[2012/08/13 03:06:12 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Rhomel\Desktop\TFC.exe
[2012/08/13 02:41:48 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/13 02:41:37 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/13 02:00:50 | 000,000,000 | ---- | M] () -- C:\Users\Rhomel\defogger_reenable
[2012/08/11 15:09:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 23:40:14 | 000,000,802 | ---- | M] () -- C:\0
[2012/08/10 17:27:20 | 000,000,315 | ---- | M] () -- C:\user.js
[2012/08/09 09:15:10 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/08/09 09:15:10 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/08/09 03:19:38 | 000,002,408 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/08/04 20:58:04 | 000,000,219 | ---- | M] () -- C:\Users\Rhomel\Desktop\Dota 2.url
[2012/08/04 13:17:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 17:23:14 | 000,158,944 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/08/01 05:27:07 | 000,002,162 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/07/31 17:15:00 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/31 16:46:30 | 000,704,512 | ---- | M] () -- C:\Windows\is-RODFQ.exe
[2012/07/31 16:46:30 | 000,010,498 | ---- | M] () -- C:\Windows\is-RODFQ.msg
[2012/07/31 16:46:30 | 000,001,003 | ---- | M] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Arcai.com's NetCut.lnk
[2012/07/31 16:46:30 | 000,000,213 | ---- | M] () -- C:\Windows\is-RODFQ.lst
[2012/07/30 20:52:24 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Newerth.lnk
[2012/07/28 06:27:50 | 000,028,786 | ---- | M] () -- C:\Users\Rhomel\Documents\Drawing1_recover000.dwg
[2012/07/28 06:15:53 | 000,819,727 | ---- | M] () -- C:\Users\Rhomel\Documents\Drawing1_recover.dwg
[2012/07/27 23:26:06 | 000,000,202 | -H-- | M] () -- C:\Users\Rhomel\Documents\Drawing1.dwl2
[2012/07/27 23:26:06 | 000,000,052 | -H-- | M] () -- C:\Users\Rhomel\Documents\Drawing1.dwl
[2012/07/27 00:50:18 | 000,001,659 | ---- | M] () -- C:\Users\Rhomel\Desktop\Network Updater.lnk
[2012/07/27 00:31:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/23 23:11:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/07/23 22:48:45 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/07/23 22:45:47 | 000,001,977 | ---- | M] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/07/22 01:32:54 | 000,000,180 | ---- | M] () -- C:\Windows\dotahotkeys.ini
[2012/07/21 23:32:45 | 006,912,054 | ---- | M] () -- C:\Windows\clwcp.bmp
[2012/07/21 22:14:22 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/07/20 18:39:31 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08b.dat
[2012/07/20 18:39:28 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/07/20 18:39:28 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012/07/19 23:52:19 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/19 23:52:19 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/07/18 22:36:50 | 000,002,681 | ---- | M] () -- C:\Users\Rhomel\Desktop\AutoCAD 2013 - English.lnk
[2012/07/18 21:10:45 | 000,002,937 | ---- | M] () -- C:\Users\Rhomel\Desktop\PowerPoint 2013.lnk
[2012/07/18 21:10:41 | 000,003,021 | ---- | M] () -- C:\Users\Rhomel\Desktop\Word 2013.lnk
[2012/07/17 20:52:39 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2012/07/17 19:29:52 | 000,000,105 | ---- | M] () -- C:\Windows\SysNative\FastBoot.ini
[2012/07/17 19:27:05 | 000,002,408 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Imperial).lnk
[2012/07/17 19:27:05 | 000,002,404 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Metric).lnk
[2012/07/17 19:27:05 | 000,002,398 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (Global).lnk
[2012/07/17 17:50:56 | 000,001,182 | ---- | M] () -- C:\Users\Rhomel\Desktop\RegCure Pro.lnk
[2012/07/16 00:51:09 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll

========== Files Created - No Company Name ==========

[2012/08/14 19:56:38 | 001,403,864 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/13 02:41:48 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/13 02:41:42 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/13 02:00:50 | 000,000,000 | ---- | C] () -- C:\Users\Rhomel\defogger_reenable
[2012/08/11 17:40:44 | 000,000,470 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/08/11 15:09:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/08/10 19:13:57 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000UA.job
[2012/08/10 19:13:56 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000Core.job
[2012/08/10 17:27:20 | 000,000,315 | ---- | C] () -- C:\user.js
[2012/08/07 17:18:40 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/08/04 20:58:04 | 000,000,219 | ---- | C] () -- C:\Users\Rhomel\Desktop\Dota 2.url
[2012/07/31 16:46:30 | 000,704,512 | ---- | C] () -- C:\Windows\is-RODFQ.exe
[2012/07/31 16:46:30 | 000,010,498 | ---- | C] () -- C:\Windows\is-RODFQ.msg
[2012/07/31 16:46:30 | 000,001,003 | ---- | C] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Arcai.com's NetCut.lnk
[2012/07/31 16:46:30 | 000,000,213 | ---- | C] () -- C:\Windows\is-RODFQ.lst
[2012/07/31 16:46:29 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2012/07/30 20:52:24 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Newerth.lnk
[2012/07/28 06:27:50 | 000,028,786 | ---- | C] () -- C:\Users\Rhomel\Documents\Drawing1_recover000.dwg
[2012/07/28 06:15:53 | 000,819,727 | ---- | C] () -- C:\Users\Rhomel\Documents\Drawing1_recover.dwg
[2012/07/27 23:26:06 | 000,000,202 | -H-- | C] () -- C:\Users\Rhomel\Documents\Drawing1.dwl2
[2012/07/27 23:26:06 | 000,000,052 | -H-- | C] () -- C:\Users\Rhomel\Documents\Drawing1.dwl
[2012/07/27 00:50:18 | 000,001,659 | ---- | C] () -- C:\Users\Rhomel\Desktop\Network Updater.lnk
[2012/07/23 23:11:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/07/23 22:48:45 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/07/23 22:45:47 | 000,001,977 | ---- | C] () -- C:\Users\Rhomel\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/07/22 01:32:54 | 000,000,180 | ---- | C] () -- C:\Windows\dotahotkeys.ini
[2012/07/21 23:32:45 | 006,912,054 | ---- | C] () -- C:\Windows\clwcp.bmp
[2012/07/21 23:32:26 | 000,517,120 | ---- | C] () -- C:\Windows\SysWow64\CLWCP.exe
[2012/07/21 23:32:25 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012/07/19 23:52:19 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/19 23:52:19 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/07/19 23:52:19 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/07/19 17:08:14 | 000,925,696 | ---- | C] () -- C:\Windows\SysWow64\AxEImage.dll
[2012/07/19 17:08:14 | 000,663,552 | ---- | C] () -- C:\Windows\SysWow64\FreeImage.dll
[2012/07/18 22:36:50 | 000,002,681 | ---- | C] () -- C:\Users\Rhomel\Desktop\AutoCAD 2013 - English.lnk
[2012/07/18 21:10:45 | 000,002,937 | ---- | C] () -- C:\Users\Rhomel\Desktop\PowerPoint 2013.lnk
[2012/07/18 21:10:41 | 000,003,021 | ---- | C] () -- C:\Users\Rhomel\Desktop\Word 2013.lnk
[2012/07/17 21:58:51 | 002,587,633 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/07/17 21:57:00 | 000,012,780 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/07/17 21:45:13 | 000,000,380 | ---- | C] () -- C:\Users\Rhomel\AppData\Roaming\sp_data.sys
[2012/07/17 19:27:05 | 000,002,408 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Imperial).lnk
[2012/07/17 19:27:05 | 000,002,404 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Metric).lnk
[2012/07/17 19:27:05 | 000,002,398 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (Global).lnk
[2012/07/17 17:50:56 | 000,001,182 | ---- | C] () -- C:\Users\Rhomel\Desktop\RegCure Pro.lnk
[2012/07/17 17:50:56 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/07/17 17:50:53 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\RegCure Pro.job
[2012/07/16 00:48:04 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012/07/12 00:17:45 | 000,045,270 | ---- | C] () -- C:\Users\Rhomel\AppData\Roaming\room_v3.dat
[2012/07/08 23:03:10 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/07/08 23:03:10 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/06/28 13:24:48 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/28 11:50:39 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/06/28 11:50:39 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/06/28 11:50:39 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/06/28 11:50:39 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== LOP Check ==========

[2012/07/07 08:18:37 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Autodesk
[2012/07/18 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/29 15:26:10 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\com.prezi.PreziDesktop
[2012/07/15 04:28:54 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\DAEMON Tools Pro
[2012/08/14 22:53:22 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\DMCache
[2012/07/04 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Downloaded Installations
[2012/07/17 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\DriverCure
[2012/08/03 23:28:44 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\GarenaPlus
[2012/08/14 20:36:38 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\IDM
[2012/07/08 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\ImgBurn
[2012/07/15 03:00:22 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Mathsoft
[2012/07/06 15:21:15 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\National Instruments
[2012/08/02 04:02:47 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Nitro PDF
[2012/08/14 20:27:21 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Notepad++
[2012/07/17 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\ParetoLogic
[2012/07/15 03:04:45 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\PTC
[2012/07/23 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Samsung
[2012/08/11 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\TeraCopy
[2012/07/31 06:49:45 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\TuneUp Software
[2012/07/20 18:57:56 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Unified Remote
[2012/08/14 20:36:37 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\uTorrent
[2012/08/09 01:43:25 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\WinPatrol
[2012/07/04 22:23:54 | 000,000,000 | ---D | M] -- C:\Users\Rhomel\AppData\Roaming\Zbshareware Lab
[2012/07/05 13:02:47 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000Core.job
[2012/07/05 13:02:47 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000UA.job
[2012/06/29 03:54:32 | 000,000,828 | ---- | M] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012/06/29 03:54:32 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012/08/14 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012/08/09 09:15:10 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
[2012/08/09 09:15:10 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012/07/17 20:52:39 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\RegCure Pro.job
[2012/07/20 19:23:46 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >

#10
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
Please run the MGA Diagnostic Tool and post the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click Continue.
  • Ensure that the Windows tab is selected. (It should be by default.)
  • Click the Copy button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Please download WVCheck by Artellos from one of the mirrors below;

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.



#11
rhomel


    Member

  • Topic Starter
  • 90 posts
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-Q6MMK-KYK6X-VKM6G
Windows Product Key Hash: 289NoAWl2ZoVfuieux/315WkDIc=
Windows Product ID: 00426-OEM-8992662-00173
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {61E8CB52-D15E-4567-808F-6B46D1D2A518}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120503-2030
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Rhomel\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{61E8CB52-D15E-4567-808F-6B46D1D2A518}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VKM6G</PKey><PID>00426-OEM-8992662-00173</PID><PIDType>2</PIDType><SID>S-1-5-21-269433224-411305373-2250994567</SID><SYSTEM><Manufacturer>ASUSTeK COMPUTER INC.</Manufacturer><Model>K55VD</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>K55VD.203</Version><SMBIOSVersion major="2" minor="7"/><Date>20120312000000.000000+000</Date></BIOS><HWID>D2203207018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600173-02-1033-7600.0000-1802012
Installation ID: 000894986302003671694536069904321840326492235422838530
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: VKM6G
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 8/14/2012 11:46:22 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:29:2012 04:30
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAIAAAABAAAAAwABAAEA6GG04Sh0DiZiDDaKCoOMvPBqIoUc7pZj

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC _ASUS_ Notebook
FACP _ASUS_ Notebook
HPET _ASUS_ Notebook
MCFG _ASUS_ Notebook
FPDT _ASUS_ Notebook
ECDT _ASUS_ Notebook
SLIC _ASUS_ Notebook
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
BGRT _ASUS_ Notebook




Windows Validation Check
Version: 1.9.12.5
Log Created On: 2347_14-08-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-08-14 22:56:14
Last Success Time for Update Download: 2012-08-11 02:18:53
Last Success Time for Update Installation: 2012-08-11 02:19:01


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 30/6/2012 20:9:39
Modification; 20/11/2010 4:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 30/6/2012 20:9:39
Modification; 20/11/2010 4:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 13/7/2009 16:52:11
Modification; 13/7/2009 18:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_5b856235bcd79403\slwga.dll
Size: 15360 bytes
Creation; 28/6/2012 20:3:48
Modification; 20/12/2010 22:15:31
MD5; b7213e92b270761b88b313b62ba0e13b
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_5be2bf06d6168a3a\slwga.dll
Size: 15360 bytes
Creation; 28/6/2012 20:3:48
Modification; 20/12/2010 22:9:5
MD5; 86b7d4d7a87ecb9e6bded44c52c8d5d9
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 30/6/2012 20:9:54
Modification; 20/11/2010 5:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 16:36:22
Modification; 13/7/2009 18:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 28/6/2012 20:3:48
Modification; 20/12/2010 21:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 28/6/2012 20:3:48
Modification; 20/12/2010 21:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 30/6/2012 20:9:39
Modification; 20/11/2010 4:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
D:\Installer\Windows 7 Anytime Upgrade Keygen\Windows 7 Anytime Upgrade Keygen.exe
Size: 69632 bytes
Creation; 29/6/2012 21:20:37
Modification; 28/11/2010 20:10:38
MD5; 8682971643ff77e31f069d043b858179
Matched: The words 'windows' and 'keygen' in one sentence.
-----------------------


WVCheck's Dir Dump
-----------------------
D:\Installer\Windows 7 Anytime Upgrade Keygen
Size: 0 bytes
Creation; 24/2/2012 21:34:48
Modification; 24/2/2012 21:34:58
Matched: The words 'windows' and 'keygen' in one sentence.
-----------------------


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 2349_14-08-2012 --------

#12
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
You appear to be using a pirated/illegal version of Windows, am I right?

I can't help you as long as you don't have legitimate Windows.

#13
rhomel


    Member

  • Topic Starter
  • 90 posts
I'm a legit Windows user.... I download it for my PC... this laptop is legit.

#14
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
Then we can continue. :)


Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.





Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#15
rhomel


    Member

  • Topic Starter
  • 90 posts
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Rhomel :: RHOMEL-PC [administrator]

Protection: Disabled

8/16/2012 4:16:44 PM
mbam-log-2012-08-16 (16-16-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214624
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





ComboFix 12-08-16.01 - Rhomel 08/16/2012 16:25:51.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3982.2241 [GMT -7:00]
Running from: c:\users\Rhomel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rhomel\AppData\Local\assembly\tmp
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 23:32 . 2012-08-16 23:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 16:08 . 2009-09-19 23:54 119680 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
2012-08-15 16:08 . 2009-09-19 23:54 119680 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-08-15 16:08 . 2009-09-19 23:54 119680 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext2.sys
2012-08-15 16:08 . 2009-09-19 23:54 119680 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext.sys
2012-08-15 16:08 . 2009-09-19 23:54 119680 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-08-15 16:08 . 2009-09-19 23:54 119680 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-08-15 16:08 . 2009-09-04 18:41 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-08-15 16:08 . 2009-08-21 23:44 135168 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2012-08-15 16:08 . 2012-08-15 16:08 -------- d-----w- c:\program files (x86)\ZTEDriver
2012-08-15 16:08 . 2012-08-15 16:08 -------- d-----w- c:\program files\Windows Service
2012-08-15 16:00 . 2009-10-22 00:16 243200 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-08-15 16:00 . 2009-10-12 22:23 114304 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2012-08-15 16:00 . 2009-09-10 22:31 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-08-15 16:00 . 2007-08-09 11:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-08-15 15:51 . 2012-08-15 15:58 -------- d-----w- c:\program files (x86)\SMART BRO
2012-08-15 15:50 . 2012-08-15 18:54 -------- d-----w- c:\windows\SysWow64\SupportAppXL
2012-08-15 07:59 . 2012-06-29 10:04 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18BC3C86-D836-4A59-8EE7-17694363E353}\mpengine.dll
2012-08-15 07:58 . 2012-06-29 10:04 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 06:46 . 2012-08-15 06:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-08-13 09:48 . 2012-08-13 09:48 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7AFE6BA-B38B-45CF-8ED5-7757162ECB76}\gapaengine.dll
2012-08-13 09:41 . 2012-08-13 09:41 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-13 09:41 . 2012-08-13 09:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-13 04:39 . 2012-08-13 04:39 -------- d-----w- c:\program files (x86)\ESET
2012-08-12 20:49 . 2012-08-13 04:39 -------- d-----w- c:\windows\Downloaded Program Files
2012-08-12 03:24 . 2012-08-16 05:59 -------- d-----w- c:\users\Rhomel\AppData\Roaming\IDM
2012-08-11 02:18 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8E002DB-B209-4D86-AAAC-729202C56B35}\mpengine.dll
2012-08-09 10:06 . 2012-08-09 10:06 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems
2012-08-09 10:06 . 2012-08-09 10:06 -------- d-----w- c:\program files (x86)\UltraISO
2012-08-09 09:45 . 2012-08-02 00:23 158944 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-08-09 08:39 . 2012-08-09 08:43 -------- d-----w- c:\users\Rhomel\AppData\Roaming\WinPatrol
2012-08-09 08:38 . 2012-08-12 01:51 -------- d-----w- c:\programdata\InstallMate
2012-08-07 18:52 . 2012-08-07 18:52 -------- d--h--w- c:\programdata\CanonIJSIP
2012-07-31 23:46 . 2012-08-07 09:34 -------- d-----w- c:\program files (x86)\WinPcap
2012-07-31 23:46 . 2012-07-31 23:46 704512 ----a-w- c:\windows\is-RODFQ.exe
2012-07-31 23:46 . 2006-09-21 20:59 389120 ----a-w- c:\windows\SysWow64\actskn43.ocx
2012-07-31 23:46 . 2012-07-31 23:46 -------- d-----w- c:\program files (x86)\netcut
2012-07-31 13:51 . 2012-05-30 03:46 35680 ----a-w- c:\windows\system32\uxtuneup.dll
2012-07-31 13:51 . 2012-05-30 03:46 29024 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-07-31 05:56 . 2012-07-31 05:56 -------- d-----w- c:\users\Rhomel\AppData\Local\HonLauncher
2012-07-31 03:55 . 2012-07-31 03:55 -------- d-----w- c:\users\Rhomel\AppData\Local\Chromium
2012-07-31 03:45 . 2012-08-07 09:34 -------- d-----w- c:\program files (x86)\GarenaHoN
2012-07-31 02:01 . 2012-07-31 02:01 -------- d-----w- c:\users\Rhomel\AppData\Local\Garena
2012-07-30 01:39 . 2012-07-30 01:39 -------- d-----w- c:\program files\gogo6
2012-07-29 22:26 . 2012-07-29 22:26 -------- d-----w- c:\users\Rhomel\AppData\Roaming\com.prezi.PreziDesktop
2012-07-27 07:50 . 2012-07-27 07:50 -------- d-----w- C:\Canopy
2012-07-27 07:50 . 2012-07-27 07:50 -------- d--h--w- c:\program files (x86)\Zero G Registry
2012-07-27 07:49 . 2012-07-27 07:49 -------- d--h--w- c:\users\Rhomel\InstallAnywhere
2012-07-25 15:55 . 2012-08-04 09:41 -------- d-----w- c:\program files (x86)\Sun Broadband Wireless
2012-07-24 23:23 . 2012-07-24 23:23 -------- d-----w- c:\program files (x86)\Disktrix
2012-07-24 18:42 . 2012-08-04 09:41 -------- d-----w- c:\windows\SysWow64\SupportAppCB
2012-07-24 06:12 . 2012-07-24 06:12 -------- d-----w- C:\Temp
2012-07-24 06:06 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-07-24 06:06 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2012-07-24 06:06 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-07-24 06:06 . 2010-12-21 05:55 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-07-24 05:49 . 2012-07-24 06:06 -------- d-----w- c:\users\Rhomel\AppData\Local\Samsung
2012-07-24 05:48 . 2012-07-24 05:48 -------- d-----w- c:\users\Rhomel\AppData\Roaming\Samsung
2012-07-24 05:47 . 2011-12-08 04:22 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-07-24 05:47 . 2011-12-08 04:22 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-07-24 05:47 . 2011-12-08 04:22 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-07-24 05:47 . 2011-12-08 04:22 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-07-24 05:47 . 2011-12-08 04:22 36328 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2012-07-24 05:47 . 2011-12-08 04:22 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-07-24 05:47 . 2011-12-08 04:22 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-07-24 05:47 . 2011-12-08 04:22 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-07-24 05:47 . 2011-12-08 04:22 146920 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2012-07-24 05:47 . 2011-12-08 04:22 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-07-24 05:47 . 2011-12-08 04:22 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-07-24 05:46 . 2011-12-08 04:22 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-07-24 05:46 . 2011-12-08 04:22 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-07-24 05:46 . 2011-12-08 04:22 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-07-24 05:46 . 2011-12-08 04:22 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-07-24 05:46 . 2011-12-08 04:22 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-07-24 05:46 . 2011-12-08 04:22 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-07-24 05:46 . 2011-12-08 04:22 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-07-24 05:45 . 2011-12-24 03:58 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-07-24 05:45 . 2012-07-24 05:45 -------- d-----w- c:\program files (x86)\MarkAny
2012-07-24 05:45 . 2011-12-24 03:58 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-07-24 05:44 . 2012-07-24 05:46 -------- d-----w- c:\program files (x86)\Samsung
2012-07-24 05:44 . 2012-07-24 05:46 -------- d-----w- c:\programdata\Samsung
2012-07-24 05:43 . 2012-07-24 05:43 -------- d-----w- c:\users\Rhomel\AppData\Local\Downloaded Installations
2012-07-22 07:30 . 2012-07-22 07:30 -------- d-----w- c:\windows\Sun
2012-07-22 07:27 . 2012-07-22 07:27 -------- d-----w- c:\programdata\YTD Video Downloader
2012-07-22 07:27 . 2012-07-22 07:27 -------- d-----w- c:\program files (x86)\GreenTree Applications
2012-07-22 06:32 . 2007-11-24 14:00 517120 ----a-w- c:\windows\SysWow64\CLWCP.exe
2012-07-22 06:32 . 2011-09-29 19:41 925184 ----a-w- c:\windows\expstart.exe
2012-07-22 06:32 . 2012-07-22 06:51 -------- d-----w- c:\program files (x86)\UX Pack
2012-07-22 06:32 . 2012-07-22 06:32 -------- d-----w- C:\UXFiles
2012-07-22 05:30 . 2012-07-22 05:30 -------- d-----w- c:\users\Rhomel\AppData\Local\SkinSoft
2012-07-21 08:02 . 2012-08-07 09:34 -------- d-----w- c:\windows\AutoKMS
2012-07-21 01:57 . 2012-07-21 01:57 -------- d-----w- c:\users\Rhomel\AppData\Roaming\Unified Remote
2012-07-21 01:57 . 2012-07-21 01:57 -------- d-----w- c:\program files (x86)\Unified Remote
2012-07-21 01:38 . 2007-12-14 05:16 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2012-07-21 01:38 . 2007-12-14 05:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2012-07-21 01:38 . 2007-12-14 05:16 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll
2012-07-21 01:38 . 2006-12-28 20:39 176128 ------w- c:\windows\SysWow64\BroSNMP.dll
2012-07-21 01:38 . 2009-04-07 19:02 1560576 ----a-w- c:\windows\system32\BrWia09b.dll
2012-07-21 01:38 . 2008-06-17 22:33 167936 ------w- c:\windows\SysWow64\NSSearch.dll
2012-07-20 06:52 . 2012-05-30 03:46 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-07-20 06:52 . 2012-05-30 03:46 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-07-20 06:52 . 2012-05-30 03:46 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-07-20 06:52 . 2012-07-31 13:49 -------- d-----w- c:\users\Rhomel\AppData\Roaming\TuneUp Software
2012-07-20 06:51 . 2012-07-20 06:52 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-07-20 06:51 . 2012-07-20 06:52 -------- d-----w- c:\programdata\TuneUp Software
2012-07-20 06:51 . 2012-07-20 06:51 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-20 00:08 . 2011-03-18 22:46 10235904 ----a-w- c:\windows\SysWow64\PDF2DWG.dll
2012-07-20 00:08 . 2012-07-20 00:08 -------- d-----w- c:\program files (x86)\AutoDWG
2012-07-20 00:08 . 2010-12-03 17:09 925696 ----a-w- c:\windows\SysWow64\AxEImage.dll
2012-07-20 00:08 . 2002-04-22 15:45 663552 ----a-w- c:\windows\SysWow64\FreeImage.dll
2012-07-20 00:08 . 2001-09-05 23:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-20 00:08 . 2001-09-05 23:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-07-20 00:08 . 2001-09-05 23:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-07-20 00:08 . 2001-09-05 23:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-07-20 00:08 . 2002-07-25 23:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-07-19 07:03 . 2012-07-19 07:03 -------- d-----w- c:\windows\SysWow64\Shared Memory
2012-07-19 05:52 . 2012-07-19 05:52 -------- d-----w- c:\users\Rhomel\AppData\Local\[email protected]
2012-07-19 03:43 . 2012-07-19 03:43 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-07-19 03:43 . 2012-07-19 03:43 -------- d-----w- c:\program files\Microsoft.NET
2012-07-19 03:41 . 2012-07-19 03:43 -------- d-----w- c:\program files\Microsoft SQL Server
2012-07-18 07:09 . 2012-07-18 07:09 -------- d-----w- c:\users\Rhomel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-07-18 07:09 . 2012-07-18 07:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-07-18 05:24 . 2012-07-19 00:34 -------- d-----w- c:\windows\SysWow64\NV
2012-07-18 05:24 . 2012-07-19 00:34 -------- d-----w- c:\windows\system32\NV
2012-07-18 04:57 . 2012-04-24 15:17 9740608 ----a-w- c:\windows\system32\nvwgf2umx.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 09:47 . 2012-06-28 21:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 09:47 . 2012-06-28 21:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-15 19:42 . 2012-07-01 03:11 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-07-15 19:42 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-07-15 19:42 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-07-12 22:40 . 2012-07-12 22:40 119808 ----a-r- c:\users\Rhomel\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-11 19:40 . 2012-06-29 03:56 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2012-06-29 05:07 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 15:32 . 2012-07-03 15:32 106344 ----a-w- c:\windows\system32\UDBDef.exe
2012-07-01 08:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-01 08:36 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-30 20:20 . 2012-06-30 20:21 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-06-30 20:20 . 2012-06-30 20:21 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-06-29 17:49 . 2012-06-29 17:49 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-06-28 19:21 . 2012-06-28 19:21 80512 ----a-w- c:\windows\ASUS K5 Series ScreenSaver Uninstaller.exe
2012-06-28 19:19 . 2012-06-28 19:19 3058304 ----a-w- c:\windows\AsScrPro.exe
2012-06-26 07:02 . 2011-12-24 03:58 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-26 07:02 . 2011-12-24 03:58 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-06-25 04:47 . 2012-06-25 04:47 69640 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE
2012-06-25 04:47 . 2012-07-05 05:17 29704 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-06-25 04:47 . 2012-07-05 05:17 17928 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-06-24 01:20 . 2012-06-24 01:20 31864 ----a-w- c:\windows\system32\FM20ENU.DLL
2012-06-24 01:20 . 2012-06-24 01:20 826232 ----a-w- c:\windows\system32\msvcr110.dll
2012-06-24 01:20 . 2012-06-24 01:20 595328 ----a-w- c:\windows\system32\msvcp110.dll
2012-06-24 01:20 . 2012-06-24 01:20 338824 ----a-w- c:\windows\system32\vccorlib110.dll
2012-06-24 01:19 . 2012-06-24 01:19 1592416 ----a-w- c:\windows\system32\FM20.DLL
2012-06-18 20:34 . 2012-07-08 05:16 19032 ------w- c:\windows\system32\pwdrvio.sys
2012-06-18 20:34 . 2012-07-08 05:16 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-06-18 20:34 . 2012-07-08 05:16 12384 ------w- c:\windows\system32\pwdspio.sys
2012-06-12 03:08 . 2012-07-11 19:43 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-15 19:42 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 15:09 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 15:09 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 15:09 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 15:09 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 15:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 15:09 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-05 23:03 . 2012-07-12 03:53 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-06-05 23:03 . 2012-07-12 03:53 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-06-05 23:03 . 2012-06-05 23:03 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-06-05 23:03 . 2012-06-05 23:03 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-06-05 23:02 . 2012-06-05 23:02 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-06-02 22:19 . 2012-06-28 22:35 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-28 22:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-28 22:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-28 22:36 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-28 22:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-28 22:35 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-28 22:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-28 22:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-28 22:35 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 15:09 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 15:09 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 15:09 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 15:09 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 15:09 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 15:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 15:09 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 15:09 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 15:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
2012-06-24 01:20 2042504 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-06-24 01:20 2042504 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-06-24 01:20 2042504 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-06-24 01:20 2042504 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-08-11 3519936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB Security"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2012-07-31 658632]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ControlCenter3"=c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
"BrMfcWnd"=c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
.
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-22 276248]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-10-22 243200]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-28 1432400]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 gogoTunnelDevice;gogo6 Multi-Virtual Tunnel Adapter;c:\windows\system32\DRIVERS\gogotun.sys [2010-03-13 27648]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-09-04 11776]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 51445112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-06-24 178784]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-06-24 5132888]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2012-06-04 203320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-06-05 147288]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-29 1255736]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-09-19 119680]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-04-24 28992]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2012-06-29 31344]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-06-05 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-06-05 130904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe [2011-07-29 262144]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-12-29 106144]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-07-07 65536]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-08-02 158944]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2011-12-16 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-06-25 216072]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2012-06-25 69640]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-04-24 2458944]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-30 2143072]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-05-07 17152]
S3 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2011-12-21 35968]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2011-11-08 16512]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-12-29 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-29 338592]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-29 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-12-29 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-12-29 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-12-29 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-12-29 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-12-29 548000]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-02-20 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2012-02-01 292968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-06-05 166232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 09:47]
.
2012-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000Core.job
- c:\users\Rhomel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-04 02:21]
.
2012-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000UA.job
- c:\users\Rhomel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-04 02:21]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000Core.job
- c:\users\Rhomel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 02:13]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-269433224-411305373-2250994567-1000UA.job
- c:\users\Rhomel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 02:13]
.
2012-06-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2012-06-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2012-08-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-08-09 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:06]
.
2012-08-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:06]
.
2012-07-18 c:\windows\Tasks\RegCure Pro.job
- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2011-12-21 19:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
2012-06-24 01:20 2860168 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-06-24 01:20 2860168 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-06-24 01:20 2860168 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-06-24 01:20 2860168 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
TCP: Interfaces\{00A82E71-8A2F-4FB6-A0FA-76DA8A8CED64}: NameServer = 10.198.220.124 202.126.40.5
TCP: Interfaces\{212C1621-DD63-4548-A3DB-6CCE1E4C8CE5}: NameServer = 192.168.31.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files (x86)\Microsoft Office\Office15\MSOSB.DLL
FF - ProfilePath - c:\users\Rhomel\AppData\Roaming\Mozilla\Firefox\Profiles\a1fd0z6f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com.ph/search?q=
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com.ph/search?q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=112462&tt=090812_bab_3212_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 4294a5a700000000000094dbc9ab1f0d
FF - user.js: extensions.BabylonToolbar.instlDay - 15563
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.617:27
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-269433224-411305373-2250994567-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2EAD49F3-8E89-B60A-D0AD-D03EDAFC015C}*]
"hacldbekjlnaebio"=hex:61,61,00,00
"iagjkbhfdiaefeehmh"=hex:6a,61,64,68,6a,69,6a,64,70,63,70,6d,68,67,68,6a,61,65,
6d,69,00,03
"hamkadingebfgajo"=hex:6a,61,64,68,70,68,68,64,6f,61,6d,6e,6f,62,61,61,6e,69,
67,6f,00,03
"hacldbekpnlaeojc"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EAD49F3-8E89-B60A-D0AD-D03EDAFC015C}\InProcServer32*]
"iaakfigehnjpijgidi"=hex:61,61,00,00
"iaakfigehnlicjnlpo"=hex:61,61,00,00
"jaakjgfamiloppocedeb"=hex:6a,61,64,68,6a,69,6a,64,70,63,70,6d,68,67,68,6a,61,
65,6d,69,00,03
"iaakdgpnhdcbpmgibc"=hex:6a,61,64,68,6a,69,6a,64,70,63,70,6d,68,67,68,6a,61,65,
6d,69,00,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-16 16:35:31
ComboFix-quarantined-files.txt 2012-08-16 23:35
.
Pre-Run: 370,859,126,784 bytes free
Post-Run: 370,112,118,784 bytes free
.
- - End Of File - - 81E7E5ADC982A9DF0E5BA8E15F9FDDAB

Edited by rhomel, 16 August 2012 - 02:27 AM.
