Solved Cannot remove MBR: Alureo rootkit from Vista

doowop25

There is a rootkit malware on my Vista computer called Alureo and it's being detected on this particular partition:

MBR: \PHYSICALDRIVE0\Partition 3

I only recall attracting this virus a couple of weeks ago prior to downloading MSE and Avast while browsing. I have recently uninstalled both programs. No program that I've used so far has been successful in removing Alureo.

Per the request to fulfill the 5-step preliminary removal instructions, I have the Malwarebytes log file and the Gmer log file, but whenever I try to run the DDS file it just seems to run a scan. After 20 minutes there are still no log files popping up, and if I try to interrupt, my computer stalls and I have to force a reboot. Any help would be appreciated:

Malwarebytes log file


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.20.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dawon :: DAWON-PC [administrator]

3/20/2012 1:21:38 PM
mbam-log-2012-03-20 (13-21-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267369
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


First half of Gmer log file

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-20 15:23:38
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005f WDC_WD32 rev.01.0
Running: tykegnrd.exe; Driver: C:\Users\Dawon\AppData\Local\Temp\pwloapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91027DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9274FA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9102885E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9102D2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9102D330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9102D422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9102D252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9102D374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9102D29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9102D3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91027E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9274FB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x91027AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91027E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9102AD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91028B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9102D30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9102D352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9102D446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9102D278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9102D3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9102D2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9102D400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9274FCA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x910289CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91027EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91027F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x91027B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91027CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91027C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x91027D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9274FD60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91027F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9274FBE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x92765D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 81CC1890 4 Bytes [F8, 7D, 02, 91] {CLC ; JGE 0x5; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 131 81CC18B4 4 Bytes [5A, FA, 74, 92] {POP EDX; CLI ; JZ 0xffffffffffffff96}
.text ntkrnlpa.exe!KeSetEvent + 191 81CC1914 4 Bytes JMP 8454779A
.text ntkrnlpa.exe!KeSetEvent + 1D1 81CC1954 8 Bytes [E4, D2, 02, 91, 30, D3, 02, ...] {IN AL, 0xd2; ADD DL, [ECX-0x6efd2cd0]}
.text ntkrnlpa.exe!KeSetEvent + 1DD 81CC1960 4 Bytes [22, D4, 02, 91]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81DEC62F 5 Bytes JMP 92762C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 81E45543 5 Bytes JMP 9276474C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 81E4EE68 4 Bytes CALL 910291B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 81E52ADC 4 Bytes CALL 910291CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81EA6DCA 7 Bytes JMP 92765D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

 
Second half of Gmer log file


.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00BF0600
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00BF0804
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00BF0A08
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 00BF01F8
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 00BF03FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 001501F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 001503FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00170600
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00171014
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00170804
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00170A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00170C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00170E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 001701F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00180600
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00180804
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00180A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 001801F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1520] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00250600
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00250804
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00250A08
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 002501F8
.text C:\Windows\system32\svchost.exe[1520] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 002503FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1596] kernel32.dll!SetUnhandledExceptionFilter 7549A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1596] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1644] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1736] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1736] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1736] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1736] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[1736] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 000F0804
.text C:\Windows\system32\svchost.exe[1736] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 000F0A08
.text C:\Windows\system32\svchost.exe[1736] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[1736] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000F03FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 001401F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 001403FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 001603FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00160600
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00161014
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00160804
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00160A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00160C0C
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00160E10
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 001601F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00270600
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00270804
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00270A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 002701F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2152] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 002703FC
.text C:\Windows\system32\SearchIndexer.exe[2324] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2324] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2324] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2324] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2324] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2324] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[2324] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2324] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000803FC
.text C:\Users\Dawon\Desktop\tykegnrd.exe[2632] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\Explorer.EXE[2636] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[2636] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[2636] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[2636] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[2636] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[2636] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[2636] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[2636] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2648] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2648] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2648] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2648] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2648] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2648] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2648] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2648] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2744] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000803FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2800] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2844] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2844] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2844] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2844] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00120600
.text C:\Windows\System32\svchost.exe[2844] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00120804
.text C:\Windows\System32\svchost.exe[2844] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00120A08
.text C:\Windows\System32\svchost.exe[2844] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 001201F8
.text C:\Windows\System32\svchost.exe[2844] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 001203FC
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 001501F8
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 001503FC
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 003E0600
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 003E0804
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 003E0A08
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 003E01F8
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 003E03FC
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 003F03FC
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 003F0600
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 003F1014
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 003F0804
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 003F0A08
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 003F0C0C
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 003F0E10
.text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 003F01F8
.text C:\Windows\system32\taskeng.exe[2932] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2932] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2932] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2932] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00090600
.text C:\Windows\system32\taskeng.exe[2932] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00090804
 
Third part to Gmer log file

.text C:\Windows\system32\taskeng.exe[2932] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\taskeng.exe[2932] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[2932] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000903FC
.text C:\Program Files\iPod\bin\iPodService.exe[3076] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[3076] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[3076] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 002703FC
.text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00270600
.text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00271014
.text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00270804
.text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00270A08
.text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00270C0C
.text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00270E10
.text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 002701F8
.text C:\Program Files\iPod\bin\iPodService.exe[3076] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00280600
.text C:\Program Files\iPod\bin\iPodService.exe[3076] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00280804
.text C:\Program Files\iPod\bin\iPodService.exe[3076] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00280A08
.text C:\Program Files\iPod\bin\iPodService.exe[3076] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 002801F8
.text C:\Program Files\iPod\bin\iPodService.exe[3076] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 002803FC
.text C:\Windows\system32\svchost.exe[3736] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3736] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3736] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3808] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3808] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3808] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3808] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[3808] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00150804
.text C:\Windows\system32\svchost.exe[3808] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00150A08
.text C:\Windows\system32\svchost.exe[3808] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[3808] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 001503FC
.text C:\Windows\System32\mobsync.exe[3980] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\mobsync.exe[3980] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\mobsync.exe[3980] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\mobsync.exe[3980] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00080600
.text C:\Windows\System32\mobsync.exe[3980] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00080804
.text C:\Windows\System32\mobsync.exe[3980] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\mobsync.exe[3980] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\mobsync.exe[3980] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000803FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[732] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[732] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72C3F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\afwServ.exe[1644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72C3F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72C3F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs pffilter.sys
AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File C:\ProgramData\IObit\Protected Folder\config.ini 57 bytes
File C:\ProgramData\IObit\Protected Folder\drawposs.db 0 bytes
File C:\ProgramData\IObit\Protected Folder\fstile.cds 0 bytes

---- EOF - GMER 1.0.15 ----
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR log file

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-20 21:12:47
-----------------------------
21:12:47.074 OS Version: Windows 6.0.6002 Service Pack 2
21:12:47.074 Number of processors: 2 586 0x6B02
21:12:47.077 ComputerName: DAWON-PC UserName: Dawon
21:12:48.544 Initialize success
21:14:20.429 AVAST engine defs: 12032000
21:14:32.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
21:14:32.645 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
21:14:32.668 Disk 0 MBR read successfully
21:14:32.679 Disk 0 MBR scan
21:14:32.702 Disk 0 unknown MBR code
21:14:32.714 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293829 MB offset 63
21:14:32.754 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11413 MB offset 601762770
21:14:32.782 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 625137345
21:14:32.797 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
21:14:32.806 Disk 0 scanning sectors +625142432
21:14:32.868 Disk 0 scanning C:\Windows\system32\drivers
21:14:43.697 Service scanning
21:15:07.613 Modules scanning
21:15:12.341 Disk 0 trace - called modules:
21:15:12.357 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
21:15:12.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853b52f0]
21:15:12.359 3 CLASSPNP.SYS[823358b3] -> nt!IofCallDriver -> [0x84e4f4d0]
21:15:12.360 5 acpi.sys[822126bc] -> nt!IofCallDriver -> \Device\00000055[0x84ec15f8]
21:15:13.887 AVAST engine scan C:\Windows
21:15:17.371 AVAST engine scan C:\Windows\system32
21:16:02.690 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
21:18:23.690 AVAST engine scan C:\Windows\system32\drivers
21:18:37.436 AVAST engine scan C:\Users\Dawon
21:24:42.899 AVAST engine scan C:\ProgramData
21:28:32.944 Scan finished successfully
21:29:49.400 Disk 0 MBR has been saved successfully to "C:\Users\Dawon\Desktop\SercurityStuff\MBR.dat"
21:29:49.410 The log file has been saved successfully to "C:\Users\Dawon\Desktop\SercurityStuff\aswMBR.txt"

Bootkit Remover log file


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 6e1c385735071a353ec369fd572116f3

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

*While attempting to run the boot cleaner I get the following warning message:
"ATA_Pass_Through_Direct is not supported by your disk controller"
"SCSI_Pass_Through_Direct will be use for disk I/O"

After I click ok then I guess it does its thing.
 
ListParts log

ListParts by Farbar Version: 12-03-2012 03
Ran by Dawon (administrator) on 20-03-2012 at 22:04:21
Windows Vista (X86)
Running From: C:\Users\Dawon\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 28%
Total physical RAM: 3005.76 MB
Available physical RAM: 2135.58 MB
Total Pagefile: 7419.19 MB
Available Pagefile: 6151.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.1 MB

======================= Partitions =========================

1 Drive c: (COMPAQ) (Fixed) (Total:286.94 GB) (Free:182.24 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.15 GB) (Free:1.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 287 GB 32 KB
Partition 2 Primary 11 GB 287 GB
Partition 3 Primary 2544 KB 298 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C COMPAQ NTFS Partition 287 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FACTORY_IMA NTFS Partition 11 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

****** End Of Log ******
 
WARNING!
Proceed with extreme caution!
Deleting the wrong partition will result in your computer being unusable.
If you have any doubts, ask.



Download GETxPUD.exe to the desktop of your clean computer

  • Double click on GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Insert blank CD into your CD drive.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Boot the bad computer from the CD
  • Click Menu then Terminal Emulator
  • Type parted /dev/sda set 1 boot on
  • Press Enter
  • Type parted /dev/sda rm 3
  • Press Enter
  • Remove xPUD CD, reboot, run aswMBR and post the log
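
An added example, not part of the thread or of any tool used in it: a Python sketch that reads the four-entry partition table out of a 512-byte MBR copy (such as the MBR.dat that aswMBR saves) and flags the kind of entry ListParts marks as "Suspicious Type", then models the table after entry 3 is deleted. The sample sector is constructed from the offsets in the aswMBR log above; the partition 3 sector count, the zeroed boot code and CHS fields, and the 16 MiB "tiny" threshold are assumptions.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # the partition table follows 446 bytes of boot code
ENTRY_SIZE = 16         # four 16-byte entries, then the 0x55AA signature
# Partition type IDs that mark a FAT/NTFS volume as hidden (0x17 = hidden HPFS/NTFS).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
# Assumption of this example: a hidden partition under 16 MiB deserves a closer look.
SMALL_SECTORS = 16 * 1024 * 1024 // SECTOR_SIZE


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for index in range(4):
        offset = TABLE_OFFSET + index * ENTRY_SIZE
        # status, CHS start, type, CHS end, first LBA, sector count (little-endian)
        status, _chs_first, ptype, _chs_last, start, count = struct.unpack(
            "<B3sB3sII", sector[offset:offset + ENTRY_SIZE])
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        entries.append({"number": index + 1, "status": status, "type": ptype,
                        "start": start, "sectors": count})
    return entries


def review(entries):
    """Return human-readable findings for a parsed partition table."""
    findings = []
    active = [e for e in entries if e["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02X"
                            % (e["number"], e["status"]))
        if e["type"] in HIDDEN_TYPES and e["sectors"] < SMALL_SECTORS:
            findings.append("partition %d: hidden type 0x%02X, only %d sectors at LBA %d"
                            % (e["number"], e["type"], e["sectors"], e["start"]))
    ordered = sorted(entries, key=lambda e: e["start"])
    for first, second in zip(ordered, ordered[1:]):
        if first["start"] + first["sectors"] > second["start"]:
            findings.append("partitions %d and %d overlap"
                            % (first["number"], second["number"]))
    return findings


def clear_entry(sector, number):
    """Return a copy of the sector with one table slot zeroed.

    This models, in memory only, what deleting a primary partition does to the table.
    """
    offset = TABLE_OFFSET + (number - 1) * ENTRY_SIZE
    return sector[:offset] + bytes(ENTRY_SIZE) + sector[offset + ENTRY_SIZE:]


def build_sample():
    """Constructed MBR: start offsets from the aswMBR log, everything else assumed."""
    rows = (
        (0x80, 0x07, 63, 601762707),         # partition 1, active, NTFS
        (0x00, 0x07, 601762770, 23374575),   # partition 2, NTFS
        (0x00, 0x17, 625137345, 5087),       # partition 3, hidden; count is assumed
        (0x00, 0x00, 0, 0),                  # unused slot
    )
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for status, ptype, start, count in rows)
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"


if __name__ == "__main__":
    before = build_sample()
    print("before:", review(parse_mbr(before)))
    after = clear_entry(before, 3)
    print("after: ", review(parse_mbr(after)))
```
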
 
What exactly do you mean by, "to the desktop of my clean computer?"
You mean the one that I'm trying to fix right now?
 
It'd be better to create the above CD on another working computer but if you don't have one use the one we've been working on.
 
aswMBR log


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-20 22:53:09
-----------------------------
22:53:09.488 OS Version: Windows 6.0.6002 Service Pack 2
22:53:09.488 Number of processors: 2 586 0x6B02
22:53:09.488 ComputerName: DAWON-PC UserName: Dawon
22:53:10.970 Initialize success
22:53:20.081 AVAST engine defs: 12032000
22:53:26.773 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
22:53:26.773 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
22:53:26.804 Disk 0 MBR read successfully
22:53:26.820 Disk 0 MBR scan
22:53:26.835 Disk 0 unknown MBR code
22:53:26.835 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293829 MB offset 63
22:53:26.898 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11413 MB offset 601762770
22:53:26.913 Disk 0 scanning sectors +625137345
22:53:27.038 Disk 0 scanning C:\Windows\system32\drivers
22:53:48.124 Service scanning
22:54:19.365 Modules scanning
22:54:24.637 Disk 0 trace - called modules:
22:54:24.681 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
22:54:24.697 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853b2060]
22:54:24.707 3 CLASSPNP.SYS[8073a8b3] -> nt!IofCallDriver -> [0x84ec97c8]
22:54:24.716 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\00000055[0x84ec9c90]
22:54:26.387 AVAST engine scan C:\Windows
22:54:30.837 AVAST engine scan C:\Windows\system32
22:55:24.726 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
22:58:40.519 AVAST engine scan C:\Windows\system32\drivers
22:59:28.019 AVAST engine scan C:\Users\Dawon
23:06:30.233 AVAST engine scan C:\ProgramData
23:07:50.681 Disk 0 MBR has been saved successfully to "C:\Users\Dawon\Desktop\SercurityStuff\MBR.dat"
23:07:50.696 The log file has been saved successfully to "C:\Users\Dawon\Desktop\SercurityStuff\aswMBR.txt"
 
Good job :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
When I run Combofix it displays a message that it cannot run because I have CA antivirus installed, but I don't have CA installed. I had it once before a couple years ago but I'm not sure what file it thinks is CA Antivirus.
 
It won't run, it just closes out. Here is the message:

Warning:
Combofix cannot run when CA Anti-virus is installed. Please uninstall CA Anti-virus or use another tool.

The only option it gives me is to click ok, or I can click the 'x' and close the window out. Either way, the tool closes out. Strange because I no longer have CA Anti-virus.
 
Ok, just tried it in safe mode and I still get the same message. Earlier I found a CA fix for the issue of uninstalling all of their software because unfortunately there's no complete uninstall on their program but the fix didn't seem to work either.
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL log - part 1


OTL logfile created on: 3/21/2012 12:08:39 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Dawon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 81.91% Memory free
7.25 Gb Paging File | 6.74 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 4507 4507 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 181.97 Gb Free Space | 63.42% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.53 Gb Free Space | 13.72% Space Free | Partition Type: NTFS

Computer Name: DAWON-PC | User Name: Dawon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/31 14:14:36 | 000,421,208 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2005/02/23 16:56:14 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/21 17:54:40 | 000,347,024 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 17:54:40 | 000,179,088 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 17:54:40 | 000,046,480 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (VQYLZES)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [On_Demand | Stopped] -- -- (MPUW)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/18 13:48:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005/02/23 16:56:14 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl9900cb84)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
DRV - [2011/08/03 06:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/16 19:00:08 | 000,032,672 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/06 14:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/06/06 14:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/02/12 10:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/03/26 21:37:52 | 000,206,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2007/01/30 21:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
IE - HKLM\..\SearchScopes\{293B6F50-4C29-402E-994F-5F895838E224}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
IE - HKLM\..\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{293B6F50-4C29-402E-994F-5F895838E224}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{2BF3535E-BDB0-45E4-B986-EA9F938C7A03}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{7ECCE87F-E9EB-432A-A65B-A656BA35F4F7}: "URL" = http://search.comcast.net/search?cat=Web&con=ie7&q={searchTerms}
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dawon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2012/02/13 19:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2012/02/13 19:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/30 11:11:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/13 19:14:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/13 19:14:37 | 000,000,000 | ---D | M]

[2009/10/24 21:03:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Extensions
[2009/10/24 21:03:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2012/02/14 23:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions
[2010/06/23 13:34:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(102)
[2010/07/27 13:11:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(589)
[2012/02/14 23:54:55 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\plugin@yontoo.com
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\searchtoolbar@zugo.com
[2010/06/23 13:34:27 | 000,000,000 | -H-D | M] (FastestFox) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\smarterwiki@wikiatic(101).com
[2011/03/01 20:59:59 | 000,001,919 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\bing-zugo.xml
[2007/10/25 11:46:32 | 000,004,946 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\comcast.xml
[2012/03/19 15:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/03/19 15:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/30 11:11:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/07/28 20:55:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/13 21:19:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/19 15:50:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/13 21:18:58 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2008/12/01 11:50:26 | 000,004,946 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========
 
Part 2

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Native Client (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Dawon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: DivX HiQ = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Facebook News Ticker Remover = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak\1.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O4 - HKU\S-1-5-21-2150334436-476888621-3169721696-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2150334436-476888621-3169721696-1000..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D203F38-2A3A-4B6A-9DD0-1C25CCD3DD90}: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 13:31:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\Shell - "" = AutoRun
O33 - MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\Shell\AutoRun\command - "" = F:\autoplay.exe
O33 - MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\Shell - "" = AutoRun
O33 - MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\Shell\AutoRun\command - "" = F:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.MP42 - MPG4C32.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/21 00:03:49 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
[2012/03/20 23:18:29 | 004,441,698 | R--- | C] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
[2012/03/20 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Dawon\Desktop\GETxPUD
[2012/03/20 21:53:04 | 006,600,192 | ---- | C] (Mirage Systems) -- C:\Windows\System32\LicProtector310.exe
[2012/03/20 21:53:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}
[2012/03/20 21:53:03 | 002,323,520 | ---- | C] (gdpicture.com) -- C:\Windows\System32\gdpicturepro5.ocx
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\PackageAware
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\Free File Opener
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free File Opener
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Free File Opener
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Free File Opener
[2012/03/20 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/03/20 15:37:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dawon\Desktop\dds.scr
[2012/03/20 12:47:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
[2012/03/19 21:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/03/19 21:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/03/19 21:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/03/19 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Roaming\Philipp Winterberg
[2012/03/19 18:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR File Open Knife - Free Opener
[2012/03/19 18:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\RAR File Open Knife - Free Opener
[2012/03/19 17:39:57 | 000,000,000 | -H-D | C] -- C:\Config.msi
[2012/03/19 17:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2012/03/19 17:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/19 16:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/03/19 16:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/19 16:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/19 16:36:18 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/03/19 16:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/19 16:30:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/19 16:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/19 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Dawon\Desktop\SercurityStuff
[2012/03/19 10:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/19 10:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/17 17:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/17 17:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/27 22:07:01 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\RockMelt
[2012/02/23 15:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Localphone
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
[2012/03/21 00:00:26 | 000,665,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/21 00:00:26 | 000,124,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/20 23:56:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 23:56:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 23:56:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/20 23:56:02 | 3152,515,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/20 23:49:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/20 23:19:33 | 000,002,587 | ---- | M] () -- C:\Users\Dawon\Desktop\Microsoft Office Word 2007.lnk
[2012/03/20 23:18:39 | 004,441,698 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
[2012/03/20 22:17:00 | 000,497,272 | ---- | M] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
[2012/03/20 22:04:01 | 000,304,845 | ---- | M] () -- C:\Users\Dawon\Desktop\ListParts.exe
[2012/03/20 21:53:04 | 000,000,812 | ---- | M] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk
[2012/03/20 21:53:04 | 000,000,788 | ---- | M] () -- C:\Users\Dawon\Desktop\Free File Opener.lnk
[2012/03/20 21:33:37 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Dawon\Desktop\boot_cleaner.exe
[2012/03/20 21:32:38 | 000,044,607 | ---- | M] () -- C:\Users\Dawon\Desktop\bootkit_remover.zip
[2012/03/20 15:37:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\dds.scr
[2012/03/20 13:33:13 | 000,302,592 | ---- | M] () -- C:\Users\Dawon\Desktop\tykegnrd.exe
[2012/03/20 12:47:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
[2012/03/19 20:35:46 | 000,003,416 | ---- | M] () -- C:\Users\Dawon\Documents\cc_20120319_203543.reg
[2012/03/19 20:05:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/19 16:39:31 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/19 16:36:22 | 000,039,862 | ---- | M] () -- C:\MGlogs.zip
[2012/03/19 16:30:37 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 16:20:03 | 000,002,088 | ---- | M] () -- C:\Users\Dawon\Desktop\Google Chrome.lnk
[2012/03/19 16:20:03 | 000,002,050 | ---- | M] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/19 16:01:59 | 000,000,000 | ---- | M] () -- C:\Users\Dawon\defogger_reenable
[2012/03/19 10:32:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/19 10:31:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/18 22:02:04 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/17 17:14:19 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/16 23:25:25 | 000,334,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/16 23:02:05 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/03/08 23:47:47 | 003,909,679 | ---- | M] () -- C:\Users\Dawon\Desktop\tdsskiller.zip
[2012/03/01 15:57:53 | 000,137,216 | ---- | M] () -- C:\Users\Dawon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/27 16:02:27 | 000,014,632 | ---- | M] () -- C:\Users\Dawon\Documents\cc_20120227_150224.reg
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/20 23:56:02 | 3152,515,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/20 22:16:59 | 000,497,272 | ---- | C] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
[2012/03/20 22:04:00 | 000,304,845 | ---- | C] () -- C:\Users\Dawon\Desktop\ListParts.exe
[2012/03/20 21:53:04 | 000,000,812 | ---- | C] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk
[2012/03/20 21:53:04 | 000,000,788 | ---- | C] () -- C:\Users\Dawon\Desktop\Free File Opener.lnk
[2012/03/20 21:32:38 | 000,044,607 | ---- | C] () -- C:\Users\Dawon\Desktop\bootkit_remover.zip
[2012/03/20 13:33:13 | 000,302,592 | ---- | C] () -- C:\Users\Dawon\Desktop\tykegnrd.exe
[2012/03/19 20:35:45 | 000,003,416 | ---- | C] () -- C:\Users\Dawon\Documents\cc_20120319_203543.reg
[2012/03/19 18:50:32 | 000,472,064 | ---- | C] ( ) -- C:\Users\Dawon\Desktop\RootRepeal.exe
[2012/03/19 16:36:22 | 000,039,862 | ---- | C] () -- C:\MGlogs.zip
[2012/03/19 16:30:37 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 16:21:13 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/19 16:01:59 | 000,000,000 | ---- | C] () -- C:\Users\Dawon\defogger_reenable
[2012/03/17 17:14:19 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/27 16:02:25 | 000,014,632 | ---- | C] () -- C:\Users\Dawon\Documents\cc_20120227_150224.reg
[2012/02/13 16:46:37 | 000,000,304 | ---- | C] () -- C:\ProgramData\~xR088cMiciJQkt
[2012/02/13 16:46:37 | 000,000,208 | ---- | C] () -- C:\ProgramData\~xR088cMiciJQktr
[2012/02/13 16:46:35 | 000,000,440 | ---- | C] () -- C:\ProgramData\xR088cMiciJQkt
[2012/01/24 21:14:34 | 015,028,931 | ---- | C] () -- C:\Program Files\bibjam80.zip
[2011/10/14 13:11:40 | 000,025,140 | -H-- | C] () -- C:\Users\Dawon\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/09/24 11:26:40 | 000,017,408 | -H-- | C] () -- C:\Users\Dawon\AppData\Local\WebpageIcons.db
[2011/06/14 00:22:10 | 000,000,011 | ---- | C] () -- C:\Windows\System32\ONBV2VER.INI
[2011/06/14 00:22:09 | 000,000,364 | ---- | C] () -- C:\Windows\ONBLV2CL.INI
[2011/06/14 00:20:35 | 000,003,375 | ---- | C] () -- C:\Windows\ONBRV2CL.INI
[2011/04/22 16:32:53 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/04/22 16:32:52 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/04/14 14:47:43 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/03/19 12:33:21 | 000,000,033 | ---- | C] () -- C:\Windows\EasyRip.ini
[2011/03/01 20:10:59 | 000,000,225 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/30 20:57:39 | 000,000,058 | -H-- | C] () -- C:\Windows\popcreg.dat
[2010/12/30 20:57:39 | 000,000,020 | ---- | C] () -- C:\Windows\popcinfot.dat
[2010/07/30 11:13:44 | 000,000,036 | -H-- | C] () -- C:\Users\Dawon\AppData\Local\housecall.guid.cache
[2010/06/29 20:32:06 | 000,000,112 | ---- | C] () -- C:\ProgramData\40Et2gh.dat

========== LOP Check ==========

[2010/03/12 01:06:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Dawon-PC\AppData\Roaming\CallingID
[2010/06/25 09:16:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Dawon-PC\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/27 12:14:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Dawon-PC\AppData\Roaming\IObit
[2012/02/23 16:11:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Dawon-PC\AppData\Roaming\Linphone
[2011/02/07 14:31:15 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\.purple
[2010/03/23 22:55:26 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Acronis
[2010/08/24 12:31:14 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Amazon
[2011/04/08 20:39:42 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Any Video Converter
[2010/08/20 12:42:37 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\BitZipper
[2010/10/20 01:43:15 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\CallingID
[2010/06/23 12:42:06 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\ChromePlus
[2012/02/14 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\DriverCure
[2011/11/28 13:12:54 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Dropbox
[2010/04/01 15:46:05 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\EuroTalk
[2009/11/15 09:13:32 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Flock
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\GetRightToGo
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\GHISLER
[2010/08/20 12:36:57 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\gnupg
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\gtk-2.0
[2010/07/26 13:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\InfraRecorder
[2012/03/19 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\IObit
[2009/03/03 15:34:59 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\iWin
[2011/06/22 10:47:59 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Linphone
[2011/07/13 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\OpenCandy
[2011/11/28 13:24:15 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Opera
[2010/11/15 21:17:19 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\PC Suite
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\PC-FAX TX
[2012/03/19 18:49:51 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Philipp Winterberg
[2008/09/22 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\PictureMover
[2009/01/02 01:14:45 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\PlayFirst
[2008/11/05 18:24:28 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\ScanSoft
[2009/06/25 12:37:25 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Skinux
[2012/02/14 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\SpeedyPC Software
[2009/01/13 14:02:07 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Systweak
[2009/05/06 16:31:40 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Template
[2008/09/30 14:30:17 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\ubi.com
[2011/02/24 12:43:47 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WeatherBug
[2009/01/01 22:12:18 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WildTangent
[2008/09/23 14:41:42 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WinBatch
[2011/06/30 16:58:01 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Windows Live Writer
[2009/09/24 22:16:51 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\YouSendIt
[2011/06/03 13:43:38 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011/06/03 13:43:38 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2010/06/20 20:03:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\CallingID
[2009/11/08 22:35:23 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Flock
[2011/03/31 11:49:45 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Skinux
[2011/06/03 13:43:38 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\IObit
[2010/07/29 23:08:07 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2012/03/20 23:49:33 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/10/28 17:20:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/08/04 13:31:03 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/04 13:59:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/07/26 14:58:22 | 000,250,473 | ---- | M] () -- C:\boyle1e_student_project_files-1 (4).7z
[2009/01/21 01:28:02 | 000,036,947 | ---- | M] () -- C:\caavsetupLog.txt
[2012/03/19 19:33:38 | 009,709,754 | ---- | M] () -- C:\caisslog.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/03/05 19:35:47 | 000,000,079 | ---- | M] () -- C:\DVDPATH.TXT
[2009/11/21 00:57:38 | 000,000,250 | ---- | M] () -- C:\FINIS_IT.TXT
[2012/03/20 23:56:02 | 3152,515,072 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/30 00:42:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/24 12:43:37 | 000,006,702 | ---- | M] () -- C:\Live Updater_log.txt
[2009/02/15 00:20:12 | 000,000,243 | ---- | M] () -- C:\log.html
[2012/03/19 16:36:22 | 000,039,862 | ---- | M] () -- C:\MGlogs.zip
[2008/09/30 00:42:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/22 14:37:03 | 000,000,827 | ---- | M] () -- C:\net_save.dna
[2012/03/20 23:56:00 | 430,964,735 | -HS- | M] () -- C:\pagefile.sys
[2010/07/30 14:32:10 | 000,061,792 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_30.07.2010_14.31.10_log.txt
[2011/05/25 21:42:28 | 000,060,906 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_25.05.2011_21.41.55_log.txt
[2012/02/13 18:43:50 | 000,076,410 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_13.02.2012_17.43.22_log.txt
[2012/02/14 00:37:48 | 000,076,924 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_13.02.2012_23.36.51_log.txt
[2012/02/17 23:23:31 | 000,075,352 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_17.02.2012_22.22.22_log.txt
[2012/03/08 23:37:30 | 000,074,588 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_08.03.2012_22.37.10_log.txt
[2012/02/13 18:19:25 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_13.02.2012_17.19.22_log.txt
[2012/02/14 00:36:07 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_13.02.2012_23.36.01_log.txt
[2012/02/14 15:21:23 | 000,149,276 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_14.02.2012_14.16.19_log.txt
[2012/03/17 01:12:15 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_17.03.2012_01.12.10_log.txt
[2012/03/17 01:25:58 | 000,297,724 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_17.03.2012_01.12.41_log.txt
[2008/09/30 15:26:32 | 000,000,011 | ---- | M] () -- C:\trace.ini

< %systemroot%\Fonts\*.com >
[2010/08/02 11:39:32 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2010/08/02 11:39:32 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2010/08/02 11:39:32 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/08/02 11:39:33 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2001/11/20 15:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\Windows\system32\spool\prtprocs\w32x86\ppbiPr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2012/01/24 21:15:17 | 015,028,931 | ---- | M] () -- C:\Program Files\bibjam80.zip
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/20 16:55:58 | 000,000,574 | -HS- | M] () -- C:\Users\Dawon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/20 12:47:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
[2012/03/20 21:33:37 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Dawon\Desktop\boot_cleaner.exe
[2012/03/20 23:18:39 | 004,441,698 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
[2012/02/13 18:19:08 | 001,161,112 | ---- | M] (Double Simple LLC) -- C:\Users\Dawon\Desktop\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe
[2012/03/20 22:17:00 | 000,497,272 | ---- | M] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
[2012/03/20 22:04:01 | 000,304,845 | ---- | M] () -- C:\Users\Dawon\Desktop\ListParts.exe
[2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
[2009/08/13 11:14:17 | 000,472,064 | ---- | M] ( ) -- C:\Users\Dawon\Desktop\RootRepeal.exe
[2012/03/20 13:33:13 | 000,302,592 | ---- | M] () -- C:\Users\Dawon\Desktop\tykegnrd.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2010/07/29 23:08:07 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2012/03/20 23:56:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/20 23:49:33 | 000,032,650 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/06/17 20:00:39 | 000,070,984 | ---- | M] () -- C:\Users\Dawon\g2mdlhlpx.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/07/27 23:59:44 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/07/27 23:59:44 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2009/09/16 23:00:09 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2009/09/16 23:00:09 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/06/21 16:56:22 | 000,000,402 | -HS- | M] () -- C:\Users\Dawon\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/02/26 12:38:10 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/03/19 10:31:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/13 16:48:49 | 000,000,440 | ---- | M] () -- C:\ProgramData\xR088cMiciJQkt
[2012/02/13 16:46:37 | 000,000,304 | ---- | M] () -- C:\ProgramData\~xR088cMiciJQkt
[2012/02/13 16:46:37 | 000,000,208 | ---- | M] () -- C:\ProgramData\~xR088cMiciJQktr

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[1998/09/02 03:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2010/08/02 09:49:33 | 000,000,000 | -H-D | M](C:\Users\Dawon\Favorites\?¤sorted Bookmarks) -- C:\Users\Dawon\Favorites\๐¤sorted Bookmarks

< End of report >
 
Extras - part 1


OTL Extras logfile created on: 3/21/2012 12:08:39 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Dawon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 81.91% Memory free
7.25 Gb Paging File | 6.74 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 4507 4507 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 181.97 Gb Free Space | 63.42% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.53 Gb Free Space | 13.72% Space Free | Partition Type: NTFS

Computer Name: DAWON-PC | User Name: Dawon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Classes\<extension>]
.scr [@ = scrfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11F54206-0AFB-4F55-B55A-6370DCEBE52F}" = rport=445 | protocol=6 | dir=out | app=system |
"{15F5C0CE-0BFE-466E-90B5-A9DDDC302BAC}" = lport=445 | protocol=6 | dir=in | app=system |
"{1FEF0AC7-2555-416A-9385-26212D247CE5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{207DC617-5F4F-411D-A9AF-26A1AF9D2982}" = lport=139 | protocol=6 | dir=in | app=system |
"{27D9FCEE-2DE2-48D4-9C14-5BDDD1AB0A8D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{343DBAD7-12DD-42FC-8562-BFBEB53C082B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{3A2B1CA2-ACB9-4B28-9E2F-F64C5E3D3693}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3CBD9E1E-740C-41BC-9FF4-514F3752FCCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{44DE0CC1-7B54-4704-9E01-93C1620F767D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{472F640B-0EEC-42A6-85D0-4CE8D25B9C45}" = rport=138 | protocol=17 | dir=out | app=system |
"{49541609-0E90-461C-A426-A093D9FCA199}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{54CFC575-2586-4BDE-9EBB-4FB69E0F7B48}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5B6EB375-2675-4B13-BA16-F4BB2524DE34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F71E927-3B4B-4340-8777-ECC2F391EAE5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6694DC23-934D-445F-8B16-FF928C82F29A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7142DD8E-54F0-4939-8A2F-E5DE3D6E53B5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{75AB2938-BAB4-4331-8402-E4C696998524}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CE7DEE2-44BE-4700-B654-EA129D97F81E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EE966FF-FCCA-4A4B-9628-6035AA7D4151}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{A42E0A7E-E596-4BDB-A20C-83126F91A12B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A4D7F216-5F99-4A64-BFA1-DEAA45CFE357}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A9052AE8-EB2B-42C6-A5DB-E52E7644DDC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA06284E-1795-4A10-BE99-40B4DE0C5E81}" = rport=137 | protocol=17 | dir=out | app=system |
"{ACBDA73B-D570-4E78-9646-7850276E90C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{B467A10F-48F3-4F82-88AA-DBDD4EA4BFEB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B6C13F61-7EF0-4241-9E38-D9E173BB220D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C677DC70-48B8-4DAE-8FC5-45EF480CB258}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{D87C47BA-671A-448D-96ED-C84C149FC049}" = lport=138 | protocol=17 | dir=in | app=system |
"{DAE95DD1-AA1B-4C52-BDED-8EB224C6C65C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E4E53C35-B47B-4D4F-BB76-40869BBA1816}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E8D59E9E-2736-47F1-A471-07D795427A60}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F6EBFD8E-6553-4285-965B-C2C764C422FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FB10DFDB-2A2E-4C2A-8A5F-EF99121E86DF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{FB669A80-9A76-4F75-8EED-1D0DC9A8893F}" = lport=137 | protocol=17 | dir=in | app=system |
"{FD82AE64-9C47-462D-9CCA-A99D6F0E8728}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B130DC-63D9-4132-8A33-A0D3BE4ABF29}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{02CBB9A9-A757-4637-A7A0-C5AA1D1C8157}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0CDB5B44-C3FC-4198-B308-68E0E86C91CF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{16E7F1BD-59E1-4C41-8E6C-30160206234D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1A4164AC-0E09-4279-8606-A1D0ABE4380F}" = protocol=6 | dir=in | app=c:\users\dawon\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1CAF5247-AC48-49FC-8616-8EA1C12F2DE8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{29F67EF0-A54A-4CE1-89B7-67C45E0D1E45}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{308352F3-2A52-4B9C-9594-9918F09D969C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3A25E49A-0902-4085-8E7B-69474069480F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3FD6025D-7CAD-4532-BA18-9132B4EF1152}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5268C4CB-3802-455A-9B64-DA5112F5D36D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{53087A42-7663-490E-8DFA-5382B755B3A0}" = protocol=17 | dir=in | app=c:\users\dawon\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6156E043-4D4D-4A9C-80E8-65A54BC91B14}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{6F6D1380-6CF6-42A6-971F-9D4CB2881B89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72A94663-EE1B-4224-9F84-ACD5EDCBE427}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{78F91081-79D3-4BCF-B696-7EEEEE52C0A7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7B2200BE-8DB8-4C9C-BF86-C1403B367FB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C5C15F5-A11C-4924-A60C-07F8DB593518}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7FFF93BC-4E51-43A6-9473-448543215D70}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8334F68D-CCDE-4B26-9245-9AC58F42DDD7}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{8FF11533-DEFE-4271-A7BE-EC27976A09E4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9C2B9CCB-0A09-446A-BE90-C82CF2D261A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9CE4E8EA-372E-494F-87AB-62DDA09291C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A76BA5FB-D845-4DBD-938B-89D79E2F9B97}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AAB9D846-18FF-4264-BF8A-60A2C991B06E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AE3E0B9A-CFA7-4AF0-A871-416A32F30E87}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AFF20ADB-FB7C-423B-9377-7F7C52CD7293}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B199423A-62DB-4DEB-A985-34556D88CBCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BB170719-B959-486E-A9AC-7619F24F3291}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C03E67FC-197C-4A4D-875C-0F13C422A8E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C471E80F-87AC-4C5D-AA1A-003641EDD40F}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{C8B3BF95-B471-448F-B44F-DBA036E70242}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C8E7AB52-AD31-4E8E-9005-7D499F6AEB8E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CDDD4075-A833-4E38-852C-9DAA95360AAA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE89C4F7-2BD6-4B72-999A-7DC13807E95E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D5000FA7-150D-4E50-83EC-55950C457595}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D7006C18-C67E-47ED-B8FF-C749BC8056E8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E3E79366-DB5A-4D62-88B2-CD4FFB2E4E2D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E4FA94E5-F860-4D97-B011-E65CEFD214B3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{E6B33C8D-774A-490C-9C17-4732CA00F464}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{E89156B2-317C-4640-A375-08103AF1FF65}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EBBC75C5-3408-44DB-94FB-FD29508B1478}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ED27F482-AD15-4B28-BF6A-F7FF3FA42D96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0E2627E8-7FDB-4724-B397-6B09DD66F013}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1236F671-B9D5-4E73-9192-45CED4F577C2}C:\users\dawon\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\dawon\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{60A362B6-8DBC-4DF4-AED6-3D10A2AA8B91}C:\program files\coupons\localphone\bin\localphone-3.exe" = protocol=6 | dir=in | app=c:\program files\coupons\localphone\bin\localphone-3.exe |
"TCP Query User{8D26C1F0-0D24-46D4-8FE7-622DDC9B958A}C:\program files\localphone\bin\localphoned.exe" = protocol=6 | dir=in | app=c:\program files\localphone\bin\localphoned.exe |
"TCP Query User{BF5258A0-724B-4FE6-87CD-D1878D17FCF1}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{C6FCC1C8-E0DA-48A4-8826-36E3B51C4DD3}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{15A7DEB5-8C30-4EA9-BBA4-9C5C4B9F8E09}C:\program files\localphone\bin\localphoned.exe" = protocol=17 | dir=in | app=c:\program files\localphone\bin\localphoned.exe |
"UDP Query User{1C8ADEBF-01EE-4C1F-8FCF-6BB4E887525E}C:\users\dawon\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\dawon\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{79CE2D96-F7C4-42C1-A26C-5B674F595700}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9B11D534-44F1-4B18-8001-75F21FD5F472}C:\program files\coupons\localphone\bin\localphone-3.exe" = protocol=17 | dir=in | app=c:\program files\coupons\localphone\bin\localphone-3.exe |
"UDP Query User{F02EB749-4E6C-40DB-8C40-71E7A4B10611}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{F4DDCCD4-9EFF-4E51-8093-F7270146FEF4}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{084CC1A4-FC1B-4DE7-89BB-A367FC6208A6}" = CA Desktop DNA Migrator
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2C9A62F0-D1B3-4E2C-A7D9-24F38FF2A379}" = GEAR driver installer for x86 and x64
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E0120-C782-40B5-A88F-1ED52BEB3859}" = Windows Installer XML Toolset 3.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
 
Extras - part 2


"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{71CC8771-1F1D-3394-8F70-A5B442D20C95}" = Google Talk Plugin
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2FA012E-27C7-4308-9457-5FCFB84B0436}" = PictureMover
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.5800
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E91E8912-769D-42F0-8408-0E329443BABC}" = PCI GW-US54Mini2
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Byki Express" = Byki Express
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"CNXT_MODEM_PCIE_HSF" = PCIe Soft Voice SoftRing Modem with SmartCP
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DivX Setup.divx.com" = DivX Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EuroTalk Talk Now Plus!" = EuroTalk Talk Now Plus!
"Eusing Free Registry Defrag" = Eusing Free Registry Defrag
"Free File Opener" = Free File Opener
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"InstallShield_{084CC1A4-FC1B-4DE7-89BB-A367FC6208A6}" = PRODUCT_NAME
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Localphone_is1" = Localphone version 1.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Middle School Advantage 2001" = Middle School Advantage 2001
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Pidgin" = Pidgin
"Protected Folder_is1" = Protected Folder
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"RealPlayer 15.0" = RealPlayer
"Recuva" = Recuva
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Security Task Manager" = Security Task Manager 1.8d
"Smart Defrag 2_is1" = Smart Defrag 2
"STANDARDR" = Microsoft Office Standard 2007
"SystemRequirementsLab" = System Requirements Lab
"VCardExport_is1" = VCardExportTool
"VISPRO" = Microsoft Office Visio Professional 2007
"WildTangent hp Master Uninstall" = My HP Games
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"419506f87bc706d3" = MXit EVO PC
"American Heritage Talking Dictionary" = American Heritage Talking Dictionary
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2012 11:52:53 PM | Computer Name = Dawon-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/21/2012 12:51:12 AM | Computer Name = Dawon-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/21/2012 12:51:20 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 3/21/2012 12:51:21 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 3/21/2012 12:51:26 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 3/21/2012 12:52:06 AM | Computer Name = Dawon-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/21/2012 12:56:23 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

[ Cisco AnyConnect VPN Client Events ]
Error - 11/17/2009 6:11:02 PM | Computer Name = Dawon-PC | Source = vpndownloader | ID = 50659329
Description = Function: ProfileMgr::loadProfiles Return code: 0xFE000009 File: ..\Api\ProfileMgr.cpp
Line:
97 Description: unknown

Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
Description = Function: CVCMSSaxParser Return code: 0xC00CEE3B File: .\xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Description: WINDOWS_ERROR_CODE XML Parser fatal error: The name in the end tag
of the element must match the element type in the start tag.

Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
Description = Function: XmlParser::invokeParser Return code: 0xC00CEE3B File: .\xml\XmlParser.cpp
Line:
207 Description: WINDOWS_ERROR_CODE Error encountered during parse. C:\ProgramData\Cisco\Cisco
AnyConnect VPN Client\Profile\DLPodAll2.xml

Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
Description = Function: loadProfile Return code: 0xFE000009 File: .\ProfileMgr.cpp
Line:
218 Description: unknown Unable to parse the profile. Host data may not available.
: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\Profile\DLPodAll2.xml

Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
Description = Function: ProfileMgr::loadProfiles Return code: 0xFE000009 File: .\ProfileMgr.cpp
Line:
97 Description: unknown

Error - 11/17/2009 6:11:12 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:
.\Certificates\CapiCertificate.cpp Line: 1793 Description: A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust provider.



Error - 11/17/2009 6:11:12 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:
.\Certificates\CapiCertificate.cpp Line: 1793 Description: A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust provider.



Error - 11/17/2009 6:11:18 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
1279 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 11/17/2009 6:11:18 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: AddRoute Destination: 100.1.0.0 Netmask:
255.255.0.0 Gateway: 100.1.3.1 Interface: 100.1.3.1 Metric: 1

Error - 11/17/2009 6:11:18 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

[ Media Center Events ]
Error - 2/9/2012 5:13:50 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/9/2012 5:18:48 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 2/9/2012 5:22:02 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/9/2012 5:22:57 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 2/9/2012 10:19:12 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2012 5:18:15 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2012 5:19:34 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2012 5:20:24 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2012 5:20:41 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2012 5:21:22 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 5/9/2011 12:01:36 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/9/2011 3:22:39 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2011 9:05:55 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2011 9:06:37 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2011 9:07:55 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2011 9:14:30 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2011 4:19:41 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/11/2011 3:07:18 AM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/11/2011 3:12:34 AM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/12/2011 6:22:53 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/21/2012 12:56:55 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >
 
Uninstall Advanced SystemCare 5.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2005/02/23 16:56:14 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    SRV - File not found [On_Demand | Stopped] -- -- (VQYLZES)
    SRV - File not found [On_Demand | Stopped] -- -- (MPUW)
    SRV - [2005/02/23 16:56:14 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
    DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl9900cb84)
    IE - HKLM\..\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    [2011/03/01 20:59:59 | 000,001,919 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\se archplugins\bing-zugo.xml
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
    O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - No CLSID value found.
    O33 - MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\Shell - "" = AutoRun
    O33 - MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\Shell\AutoRun\command - "" = F:\autoplay.exe
    O33 - MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\Shell - "" = AutoRun
    O33 - MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\Shell\AutoRun\command - "" = F:\autoplay.exe
    [2012/03/19 17:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
    [2012/02/13 16:46:37 | 000,000,304 | ---- | C] () -- C:\ProgramData\~xR088cMiciJQkt
    [2012/02/13 16:46:37 | 000,000,208 | ---- | C] () -- C:\ProgramData\~xR088cMiciJQktr
    [2012/02/13 16:46:35 | 000,000,440 | ---- | C] () -- C:\ProgramData\xR088cMiciJQkt
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\CA
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
 
Oh wow, you're the first I've heard mention this. I was really beginning to like Advanced SystemCare. My computer takes a while to start up and I was also under the persuasion that utilities like that and CCleaner (which I also have and love) help to speed up my computer. I've uninstalled Advanced SystemCare now.


OTL Run Fix log


All processes killed
========== OTL ==========
Process LogWatNT.exe killed successfully!
Service VQYLZES stopped successfully!
Service VQYLZES deleted successfully!
Service MPUW stopped successfully!
Service MPUW deleted successfully!
Service LogWatch stopped successfully!
Service LogWatch deleted successfully!
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe moved successfully.
Service MpKsl9900cb84 stopped successfully!
Service MpKsl9900cb84 deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ not found.
Registry key HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ not found.
File C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\se archplugins\bing-zugo.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ deleted successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll moved successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ deleted successfully.
File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ not found.
File F:\autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ not found.
File F:\autoplay.exe not found.
C:\ProgramData\CA\Consumer\CCube folder moved successfully.
C:\ProgramData\CA\Consumer folder moved successfully.
C:\ProgramData\CA folder moved successfully.
C:\ProgramData\~xR088cMiciJQkt moved successfully.
C:\ProgramData\~xR088cMiciJQktr moved successfully.
C:\ProgramData\xR088cMiciJQkt moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\CA\SharedComponents\HIPSEngine(57)\Install folder moved successfully.
C:\Program Files\CA\SharedComponents\HIPSEngine(57) folder moved successfully.
C:\Program Files\CA\SharedComponents\CA_LIC folder moved successfully.
C:\Program Files\CA\SharedComponents folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\defaults folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\locale\en-US\callingid folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\locale folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\content\callingid folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\content folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\components folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\tcn\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\tcn folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\sc\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\sc folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\jp\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\jp folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\it\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\it folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\fr\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\fr folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\es\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\es folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\en-US\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\de\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\de folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\bp\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\bp folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\content\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\content folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\defaults folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\locale\en-US\callingid folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\locale folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\content\callingid folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\content folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\tcn\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\tcn folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\sc\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\sc folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\jp\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\jp folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\it\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\it folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\fr\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\fr folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\es\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\es folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\en-US\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\de\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\de folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\bp\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\bp folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\content\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\content folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite folder moved successfully.
C:\Program Files\CA folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.Dawon-PC
->Temp folder emptied: 32848 bytes
->Temporary Internet Files folder emptied: 98706 bytes
->Java cache emptied: 3439403 bytes
->FireFox cache emptied: 6689413 bytes
->Google Chrome cache emptied: 19392315 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 502 bytes

User: All Users

User: Dawon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5186478 bytes
->Java cache emptied: 570030 bytes
->FireFox cache emptied: 43106527 bytes
->Google Chrome cache emptied: 155435109 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 14317 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 1546278 bytes
->Temporary Internet Files folder emptied: 24883842 bytes
->Java cache emptied: 13689277 bytes
->FireFox cache emptied: 8332568 bytes
->Google Chrome cache emptied: 32953028 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2040 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 175480 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 32848 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 8275685 bytes

Total Files Cleaned = 309.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.Dawon-PC
->Java cache emptied: 0 bytes

User: All Users

User: Dawon
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.Dawon-PC
->Flash cache emptied: 0 bytes

User: All Users

User: Dawon
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03212012_115111

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
OTL Quick Scan log


OTL logfile created on: 3/21/2012 11:58:22 AM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Dawon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 67.61% Memory free
7.25 Gb Paging File | 6.38 Gb Available in Paging File | 88.08% Paging File free
Paging file location(s): c:\pagefile.sys 4507 4507 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 177.87 Gb Free Space | 61.99% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.53 Gb Free Space | 13.72% Space Free | Partition Type: NTFS

Computer Name: DAWON-PC | User Name: Dawon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/18 22:35:35 | 000,444,400 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\ppgooglenaclpluginchrome.dll
MOD - [2012/03/18 22:35:33 | 003,915,248 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\pdf.dll
MOD - [2012/03/18 22:34:08 | 000,122,880 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\avutil-51.dll
MOD - [2012/03/18 22:34:07 | 000,220,672 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\avformat-53.dll
MOD - [2012/03/18 22:34:06 | 001,747,456 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\avcodec-53.dll
MOD - [2012/03/18 21:53:06 | 008,593,056 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/18 13:48:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
DRV - [2011/08/03 06:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/16 19:00:08 | 000,032,672 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/06 14:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/06/06 14:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/02/12 10:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/03/26 21:37:52 | 000,206,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2007/01/30 21:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
IE - HKLM\..\SearchScopes\{293B6F50-4C29-402E-994F-5F895838E224}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKCU\..\SearchScopes\{293B6F50-4C29-402E-994F-5F895838E224}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{2BF3535E-BDB0-45E4-B986-EA9F938C7A03}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{7ECCE87F-E9EB-432A-A65B-A656BA35F4F7}: "URL" = http://search.comcast.net/search?cat=Web&con=ie7&q={searchTerms}
IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKCU\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dawon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2012/02/13 19:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2012/02/13 19:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/30 11:11:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/13 19:14:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/13 19:14:37 | 000,000,000 | ---D | M]

[2009/10/24 21:03:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Extensions
[2009/10/24 21:03:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2012/02/14 23:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions
[2010/06/23 13:34:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(102)
[2010/07/27 13:11:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(589)
[2012/02/14 23:54:55 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\plugin@yontoo.com
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\searchtoolbar@zugo.com
[2010/06/23 13:34:27 | 000,000,000 | -H-D | M] (FastestFox) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\smarterwiki@wikiatic(101).com
[2011/03/01 20:59:59 | 000,001,919 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\bing-zugo.xml
[2007/10/25 11:46:32 | 000,004,946 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\comcast.xml
[2012/03/19 15:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/03/19 15:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/30 11:11:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/07/28 20:55:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/13 21:19:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/19 15:50:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/13 21:18:58 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2008/12/01 11:50:26 | 000,004,946 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Native Client (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Dawon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: DivX HiQ = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Facebook News Ticker Remover = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak\1.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4 - HKCU..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D203F38-2A3A-4B6A-9DD0-1C25CCD3DD90}: DhcpNameServer = 192.168.15.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 13:31:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/21 11:51:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/21 00:03:49 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
[2012/03/20 23:18:29 | 004,441,698 | R--- | C] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
[2012/03/20 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Dawon\Desktop\GETxPUD
[2012/03/20 21:53:04 | 006,600,192 | ---- | C] (Mirage Systems) -- C:\Windows\System32\LicProtector310.exe
[2012/03/20 21:53:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}
[2012/03/20 21:53:03 | 002,323,520 | ---- | C] (gdpicture.com) -- C:\Windows\System32\gdpicturepro5.ocx
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\PackageAware
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\Free File Opener
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free File Opener
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Free File Opener
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Free File Opener
[2012/03/20 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/03/20 15:37:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dawon\Desktop\dds.scr
[2012/03/20 12:47:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
[2012/03/19 21:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/03/19 21:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/03/19 21:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/03/19 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Roaming\Philipp Winterberg
[2012/03/19 18:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR File Open Knife - Free Opener
[2012/03/19 18:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\RAR File Open Knife - Free Opener
[2012/03/19 17:39:57 | 000,000,000 | -H-D | C] -- C:\Config.msi
[2012/03/19 17:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/19 16:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/03/19 16:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/19 16:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/19 16:36:18 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/03/19 16:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/19 16:30:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/19 16:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/19 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Dawon\Desktop\SercurityStuff
[2012/03/19 10:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/19 10:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/17 17:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/17 17:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/27 22:07:01 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\RockMelt
[2012/02/23 15:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Localphone

========== Files - Modified Within 30 Days ==========

[2012/03/21 11:58:17 | 000,665,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/21 11:58:17 | 000,124,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/21 11:54:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 11:54:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 11:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 11:53:51 | 3152,412,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/21 11:51:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
[2012/03/20 23:19:33 | 000,002,587 | ---- | M] () -- C:\Users\Dawon\Desktop\Microsoft Office Word 2007.lnk
[2012/03/20 23:18:39 | 004,441,698 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
[2012/03/20 22:17:00 | 000,497,272 | ---- | M] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
[2012/03/20 22:04:01 | 000,304,845 | ---- | M] () -- C:\Users\Dawon\Desktop\ListParts.exe
[2012/03/20 21:53:04 | 000,000,812 | ---- | M] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk
[2012/03/20 21:53:04 | 000,000,788 | ---- | M] () -- C:\Users\Dawon\Desktop\Free File Opener.lnk
[2012/03/20 21:33:37 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Dawon\Desktop\boot_cleaner.exe
[2012/03/20 21:32:38 | 000,044,607 | ---- | M] () -- C:\Users\Dawon\Desktop\bootkit_remover.zip
[2012/03/20 15:37:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\dds.scr
[2012/03/20 13:33:13 | 000,302,592 | ---- | M] () -- C:\Users\Dawon\Desktop\tykegnrd.exe
[2012/03/20 12:47:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
[2012/03/19 20:35:46 | 000,003,416 | ---- | M] () -- C:\Users\Dawon\Documents\cc_20120319_203543.reg
[2012/03/19 20:05:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/19 16:39:31 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/19 16:36:22 | 000,039,862 | ---- | M] () -- C:\MGlogs.zip
[2012/03/19 16:30:37 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 16:20:03 | 000,002,088 | ---- | M] () -- C:\Users\Dawon\Desktop\Google Chrome.lnk
[2012/03/19 16:20:03 | 000,002,050 | ---- | M] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/19 16:01:59 | 000,000,000 | ---- | M] () -- C:\Users\Dawon\defogger_reenable
[2012/03/19 10:32:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/19 10:31:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/18 22:02:04 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/17 17:14:19 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/16 23:25:25 | 000,334,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/16 23:02:05 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/03/08 23:47:47 | 003,909,679 | ---- | M] () -- C:\Users\Dawon\Desktop\tdsskiller.zip
[2012/03/01 15:57:53 | 000,137,216 | ---- | M] () -- C:\Users\Dawon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/27 16:02:27 | 000,014,632 | ---- | M] () -- C:\Users\Dawon\Documents\cc_20120227_150224.reg

========== Files Created - No Company Name ==========

[2012/03/20 23:56:02 | 3152,412,672 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/20 22:16:59 | 000,497,272 | ---- | C] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
[2012/03/20 22:04:00 | 000,304,845 | ---- | C] () -- C:\Users\Dawon\Desktop\ListParts.exe
[2012/03/20 21:53:04 | 000,000,812 | ---- | C] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk
[2012/03/20 21:53:04 | 000,000,788 | ---- | C] () -- C:\Users\Dawon\Desktop\Free File Opener.lnk
[2012/03/20 21:32:38 | 000,044,607 | ---- | C] () -- C:\Users\Dawon\Desktop\bootkit_remover.zip
[2012/03/20 13:33:13 | 000,302,592 | ---- | C] () -- C:\Users\Dawon\Desktop\tykegnrd.exe
[2012/03/19 20:35:45 | 000,003,416 | ---- | C] () -- C:\Users\Dawon\Documents\cc_20120319_203543.reg
[2012/03/19 18:50:32 | 000,472,064 | ---- | C] ( ) -- C:\Users\Dawon\Desktop\RootRepeal.exe
[2012/03/19 16:36:22 | 000,039,862 | ---- | C] () -- C:\MGlogs.zip
[2012/03/19 16:30:37 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 16:21:13 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/19 16:01:59 | 000,000,000 | ---- | C] () -- C:\Users\Dawon\defogger_reenable
[2012/03/17 17:14:19 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/27 16:02:25 | 000,014,632 | ---- | C] () -- C:\Users\Dawon\Documents\cc_20120227_150224.reg
[2012/01/24 21:14:34 | 015,028,931 | ---- | C] () -- C:\Program Files\bibjam80.zip
[2011/10/14 13:11:40 | 000,025,140 | -H-- | C] () -- C:\Users\Dawon\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/09/24 11:26:40 | 000,017,408 | -H-- | C] () -- C:\Users\Dawon\AppData\Local\WebpageIcons.db
[2011/06/14 00:22:10 | 000,000,011 | ---- | C] () -- C:\Windows\System32\ONBV2VER.INI
[2011/06/14 00:22:09 | 000,000,364 | ---- | C] () -- C:\Windows\ONBLV2CL.INI
[2011/06/14 00:20:35 | 000,003,375 | ---- | C] () -- C:\Windows\ONBRV2CL.INI
[2011/04/22 16:32:53 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/04/22 16:32:52 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/04/14 14:47:43 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/03/19 12:33:21 | 000,000,033 | ---- | C] () -- C:\Windows\EasyRip.ini
[2011/03/01 20:10:59 | 000,000,225 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/30 20:57:39 | 000,000,058 | -H-- | C] () -- C:\Windows\popcreg.dat
[2010/12/30 20:57:39 | 000,000,020 | ---- | C] () -- C:\Windows\popcinfot.dat
[2010/07/30 11:13:44 | 000,000,036 | -H-- | C] () -- C:\Users\Dawon\AppData\Local\housecall.guid.cache
[2010/06/29 20:32:06 | 000,000,112 | ---- | C] () -- C:\ProgramData\40Et2gh.dat

========== LOP Check ==========

[2011/02/07 14:31:15 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\.purple
[2010/03/23 22:55:26 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Acronis
[2010/08/24 12:31:14 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Amazon
[2011/04/08 20:39:42 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Any Video Converter
[2010/08/20 12:42:37 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\BitZipper
[2010/10/20 01:43:15 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\CallingID
[2010/06/23 12:42:06 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\ChromePlus
[2012/02/14 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\DriverCure
[2011/11/28 13:12:54 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Dropbox
[2010/04/01 15:46:05 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\EuroTalk
[2009/11/15 09:13:32 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Flock
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\GetRightToGo
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\GHISLER
[2010/08/20 12:36:57 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\gnupg
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\gtk-2.0
[2010/07/26 13:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\InfraRecorder
[2012/03/19 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\IObit
[2009/03/03 15:34:59 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\iWin
[2011/06/22 10:47:59 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Linphone
[2011/07/13 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\OpenCandy
[2011/11/28 13:24:15 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Opera
[2010/11/15 21:17:19 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\PC Suite
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\PC-FAX TX
[2012/03/19 18:49:51 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Philipp Winterberg
[2008/09/22 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\PictureMover
[2009/01/02 01:14:45 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\PlayFirst
[2008/11/05 18:24:28 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\ScanSoft
[2009/06/25 12:37:25 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Skinux
[2012/02/14 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\SpeedyPC Software
[2009/01/13 14:02:07 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Systweak
[2009/05/06 16:31:40 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Template
[2008/09/30 14:30:17 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\ubi.com
[2011/02/24 12:43:47 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WeatherBug
[2009/01/01 22:12:18 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WildTangent
[2008/09/23 14:41:42 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WinBatch
[2011/06/30 16:58:01 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Windows Live Writer
[2009/09/24 22:16:51 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\YouSendIt
[2010/07/29 23:08:07 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2012/03/21 11:51:38 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 