TechSpot

Cannot remove MBR: Alureo rootkit from Vista

Solved
By doowop25
Mar 20, 2012
  1. There is a rootkit malware on my Vista computer called Alureo and it's being detected on this particular partition:

    MBR: \PHYSICALDRIVE0\Partition 3

    I only recall attracting this virus a couple of weeks ago prior to downloading MSE and Avast while browsing. I have recently uninstalled both programs. No program that I've used so far has been successful in removing Alureo.

    Per the request to fulfill the 5-step preliminary removal instructions, I have the Malwarebytes log file and the Gmer log file, but whenever I try to run the DDS file it just seems to run a scan; after 20 minutes there are still no log files popping up, and if I try to interrupt it my computer stalls and I have to force a reboot. Any help would be appreciated:

    Malwarebytes log file


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.20.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Dawon :: DAWON-PC [administrator]

    3/20/2012 1:21:38 PM
    mbam-log-2012-03-20 (13-21-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 267369
    Time elapsed: 8 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    First half of Gmer log file

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-20 15:23:38
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005f WDC_WD32 rev.01.0
    Running: tykegnrd.exe; Driver: C:\Users\Dawon\AppData\Local\Temp\pwloapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91027DF8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9274FA5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9102885E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9102D2E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9102D330]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9102D422]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9102D252]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9102D374]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9102D29A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9102D3DC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91027E44]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9274FB34]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x91027AD6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91027E90]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9102AD1C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91028B02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9102D30E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9102D352]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9102D446]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9102D278]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9102D3AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9102D2C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9102D400]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9274FCA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x910289CE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91027EDC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91027F28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x91027B46]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91027CEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91027C92]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x91027D5A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9274FD60]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91027F74]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9274FBE0]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x92765D92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 10D 81CC1890 4 Bytes [F8, 7D, 02, 91] {CLC ; JGE 0x5; XCHG ECX, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 131 81CC18B4 4 Bytes [5A, FA, 74, 92] {POP EDX; CLI ; JZ 0xffffffffffffff96}
    .text ntkrnlpa.exe!KeSetEvent + 191 81CC1914 4 Bytes JMP 8454779A
    .text ntkrnlpa.exe!KeSetEvent + 1D1 81CC1954 8 Bytes [E4, D2, 02, 91, 30, D3, 02, ...] {IN AL, 0xd2; ADD DL, [ECX-0x6efd2cd0]}
    .text ntkrnlpa.exe!KeSetEvent + 1DD 81CC1960 4 Bytes [22, D4, 02, 91]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81DEC62F 5 Bytes JMP 92762C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 81E45543 5 Bytes JMP 9276474C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 81E4EE68 4 Bytes CALL 910291B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 81E52ADC 4 Bytes CALL 910291CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 81EA6DCA 7 Bytes JMP 92765D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

  2. doowop25 (TS Rookie, Topic Starter)

    Second half of Gmer log file


    .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\AUDIODG.EXE[1256] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00BF0600
    .text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00BF0804
    .text C:\Windows\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00BF0A08
    .text C:\Windows\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 00BF01F8
    .text C:\Windows\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 00BF03FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 001501F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 001503FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00170600
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00171014
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00170804
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00170A08
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00170C0C
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00170E10
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 001701F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00180600
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00180804
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00180A08
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1516] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1520] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00250600
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00250804
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00250A08
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 002501F8
    .text C:\Windows\system32\svchost.exe[1520] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 002503FC
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1596] kernel32.dll!SetUnhandledExceptionFilter 7549A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1596] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1644] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1736] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1736] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1736] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1736] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 000F0600
    .text C:\Windows\system32\svchost.exe[1736] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 000F0804
    .text C:\Windows\system32\svchost.exe[1736] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 000F0A08
    .text C:\Windows\system32\svchost.exe[1736] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000F01F8
    .text C:\Windows\system32\svchost.exe[1736] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000F03FC
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 001401F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 001403FC
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 001603FC
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00160600
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00161014
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00160804
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00160A08
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00160C0C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00160E10
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 001601F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00270600
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00270804
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00270A08
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 002701F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2152] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 002703FC
    .text C:\Windows\system32\SearchIndexer.exe[2324] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\SearchIndexer.exe[2324] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\SearchIndexer.exe[2324] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\SearchIndexer.exe[2324] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[2324] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00080600
    .text C:\Windows\system32\SearchIndexer.exe[2324] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\SearchIndexer.exe[2324] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\SearchIndexer.exe[2324] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\SearchIndexer.exe[2324] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000803FC
    .text C:\Users\Dawon\Desktop\tykegnrd.exe[2632] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\Explorer.EXE[2636] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\Explorer.EXE[2636] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\Explorer.EXE[2636] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\Explorer.EXE[2636] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\Explorer.EXE[2636] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00080600
    .text C:\Windows\Explorer.EXE[2636] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00080804
    .text C:\Windows\Explorer.EXE[2636] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00080A08
    .text C:\Windows\Explorer.EXE[2636] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000801F8
    .text C:\Windows\Explorer.EXE[2636] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\taskeng.exe[2648] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2648] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2648] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2648] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2648] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2648] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2648] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[2648] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2648] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00080600
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00080804
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Windows Defender\MSASCui.exe[2744] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2800] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2844] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[2844] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[2844] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[2844] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[2844] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00120600
    .text C:\Windows\System32\svchost.exe[2844] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00120804
    .text C:\Windows\System32\svchost.exe[2844] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00120A08
    .text C:\Windows\System32\svchost.exe[2844] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 001201F8
    .text C:\Windows\System32\svchost.exe[2844] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 001203FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 001501F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 001503FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 003E0600
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 003E0804
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 003E0A08
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 003E01F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 003E03FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 003F03FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 003F0600
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 003F1014
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 003F0804
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 003F0A08
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 003F0C0C
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 003F0E10
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[2876] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 003F01F8
    .text C:\Windows\system32\taskeng.exe[2932] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2932] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2932] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2932] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2932] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00090600
    .text C:\Windows\system32\taskeng.exe[2932] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00090804
     
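An added example for reading this kind of GMER output; it is not part of the thread and not GMER's own code. The ".text" lines above are the user-mode inline hooks GMER found in each process. Security products commonly install exactly this kind of hook, so the useful first pass is not "are there hooks" but "do the hooks look like one engine applied uniformly": the same export patched at the same source address in every process, the 5-byte JMP landing in the same slot of a per-process trampoline region, and no export that is patched in only one process. The script below parses lines in the posted format and reports those checks. SAMPLE is constructed to match the log's format (its last line is a deliberately altered entry so the address check has something to flag); the function names are this example's own.

```python
"""Summarise the user-mode inline hooks that GMER reports as ".text" lines.

Added example for reading a GMER log; not part of the forum thread and not
GMER's own code. SAMPLE is constructed to follow the posted log's format
(the last line is a deliberately altered entry to exercise the checks);
parse_hook, summarise, find_anomalies and per_process are this example's
own names.
"""
import re
from collections import defaultdict

# .text <image>[<pid>] <module>!<symbol>[ + <off>] <addr> <n> Byte(s) <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<symbol>\S+(?: \+ [0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$"
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})$")

# Constructed input in the posted log's format. The final line (fake.exe,
# pid 9999) is altered on purpose: its source address is off by one.
SAMPLE = r"""
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\AUDIODG.EXE[1256] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
.text C:\Program Files\Example\ExampleSvc.exe[1596] kernel32.dll!SetUnhandledExceptionFilter 7549A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Users\example\Desktop\fake.exe[9999] ntdll.dll!LdrLoadDll 76DD9379 5 Bytes JMP 00AA01F8
"""
SAMPLE_LINES = [l for l in SAMPLE.splitlines() if l.strip()]


def parse_hook(line):
    """Parse one GMER .text line into a dict; return None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["size"] = int(rec["size"])
    rec["addr"] = rec["addr"].upper()
    j = JMP_RE.match(rec["patch"])
    # A 5-byte JMP goes to a trampoline allocated per process: the high half
    # of the target (region) varies between processes, the low half (slot in
    # the hook engine's table) stays the same for one engine.
    rec["jmp_region"] = int(j["target"], 16) >> 16 if j else None
    rec["jmp_slot"] = int(j["target"], 16) & 0xFFFF if j else None
    return rec


def summarise(lines):
    """Group hooks by module!symbol: source addresses, JMP slots, pids, raw patches."""
    by_sym = defaultdict(lambda: {"addrs": set(), "slots": set(), "pids": set(), "patches": set()})
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        e = by_sym[f"{h['module']}!{h['symbol']}"]
        e["addrs"].add(h["addr"])
        e["pids"].add(h["pid"])
        if h["jmp_slot"] is not None:
            e["slots"].add(h["jmp_slot"])
        else:
            e["patches"].add(h["patch"])   # byte patches that are not a JMP
    return by_sym


def find_anomalies(by_sym):
    """Entries worth a second look (prompts, not verdicts): an export patched
    at two different source addresses, or through two different trampoline
    slots, or hooked in a single process while other hooks are widespread."""
    most = max((len(e["pids"]) for e in by_sym.values()), default=0)
    out = []
    for key, e in sorted(by_sym.items()):
        if len(e["addrs"]) > 1:
            out.append((key, "source address differs between processes: " + ", ".join(sorted(e["addrs"]))))
        if len(e["slots"]) > 1:
            out.append((key, "trampoline slot differs between processes"))
        if len(e["pids"]) == 1 and most > 1:
            out.append((key, f"only hooked in pid {next(iter(e['pids']))}"))
    return out


def per_process(lines):
    """Map pid -> sorted list of hooked module!symbol names."""
    seen = defaultdict(set)
    for line in lines:
        h = parse_hook(line)
        if h is not None:
            seen[h["pid"]].add(f"{h['module']}!{h['symbol']}")
    return {pid: sorted(keys) for pid, keys in seen.items()}


if __name__ == "__main__":
    summary = summarise(SAMPLE_LINES)
    for key, e in sorted(summary.items()):
        print(f"{key:45} pids={sorted(e['pids'])} addrs={sorted(e['addrs'])} "
              f"slots={[hex(s) for s in sorted(e['slots'])]} patches={sorted(e['patches'])}")
    for key, why in find_anomalies(summary):
        print("CHECK:", key, "-", why)
```

To run it against a real log, replace SAMPLE_LINES with the file's lines; everything that is not a ".text" hook line (IAT entries, device entries, headers) is skipped by parse_hook. The anomaly list is a reading aid: a hook present in one process only is often simply a product hooking its own service, so each flagged entry still needs the owning module identified before anything is concluded.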
  3. doowop25

    Third part of the GMER log file

    .text C:\Windows\system32\taskeng.exe[2932] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00090A08
    .text C:\Windows\system32\taskeng.exe[2932] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000901F8
    .text C:\Windows\system32\taskeng.exe[2932] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000903FC
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 002703FC
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00270600
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00271014
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00270804
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00270A08
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00270C0C
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00270E10
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 002701F8
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00280600
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00280804
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00280A08
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 002801F8
    .text C:\Program Files\iPod\bin\iPodService.exe[3076] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 002803FC
    .text C:\Windows\system32\svchost.exe[3736] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[3736] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[3736] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[3736] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[3808] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[3808] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[3808] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[3808] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[3808] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00150600
    .text C:\Windows\system32\svchost.exe[3808] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00150804
    .text C:\Windows\system32\svchost.exe[3808] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00150A08
    .text C:\Windows\system32\svchost.exe[3808] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 001501F8
    .text C:\Windows\system32\svchost.exe[3808] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 001503FC
    .text C:\Windows\System32\mobsync.exe[3980] ntdll.dll!LdrLoadDll 76DD9378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\mobsync.exe[3980] ntdll.dll!LdrUnloadDll 76DEB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\mobsync.exe[3980] kernel32.dll!GetBinaryTypeW + 70 754C2467 1 Byte [62]
    .text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!CreateServiceW 766F9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!DeleteService 766FA07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!SetServiceObjectSecurity 76736CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!ChangeServiceConfigA 76736DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!ChangeServiceConfigW 76736F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!ChangeServiceConfig2A 76737099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!ChangeServiceConfig2W 767371E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\mobsync.exe[3980] ADVAPI32.dll!CreateServiceA 767372A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\mobsync.exe[3980] USER32.dll!SetWindowsHookExA 76856322 5 Bytes JMP 00080600
    .text C:\Windows\System32\mobsync.exe[3980] USER32.dll!SetWindowsHookExW 768587AD 5 Bytes JMP 00080804
    .text C:\Windows\System32\mobsync.exe[3980] USER32.dll!UnhookWindowsHookEx 768598DB 5 Bytes JMP 00080A08
    .text C:\Windows\System32\mobsync.exe[3980] USER32.dll!SetWinEventHook 76859F3A 5 Bytes JMP 000801F8
    .text C:\Windows\System32\mobsync.exe[3980] USER32.dll!UnhookWinEvent 7685C06F 5 Bytes JMP 000803FC

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[732] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
    IAT C:\Windows\system32\services.exe[732] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72C3F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Program Files\AVAST Software\Avast\afwServ.exe[1644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72C3F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72C3F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs pffilter.sys
    AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\IObit\Protected Folder\config.ini 57 bytes
    File C:\ProgramData\IObit\Protected Folder\drawposs.db 0 bytes
    File C:\ProgramData\IObit\Protected Folder\fstile.cds 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  4. Broni

    Broni Malware Annihilator Posts: 47,666   +267

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  5. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    aswMBR log file

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-20 21:12:47
    -----------------------------
    21:12:47.074 OS Version: Windows 6.0.6002 Service Pack 2
    21:12:47.074 Number of processors: 2 586 0x6B02
    21:12:47.077 ComputerName: DAWON-PC UserName: Dawon
    21:12:48.544 Initialize success
    21:14:20.429 AVAST engine defs: 12032000
    21:14:32.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
    21:14:32.645 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    21:14:32.668 Disk 0 MBR read successfully
    21:14:32.679 Disk 0 MBR scan
    21:14:32.702 Disk 0 unknown MBR code
    21:14:32.714 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293829 MB offset 63
    21:14:32.754 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11413 MB offset 601762770
    21:14:32.782 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 625137345
    21:14:32.797 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
    21:14:32.806 Disk 0 scanning sectors +625142432
    21:14:32.868 Disk 0 scanning C:\Windows\system32\drivers
    21:14:43.697 Service scanning
    21:15:07.613 Modules scanning
    21:15:12.341 Disk 0 trace - called modules:
    21:15:12.357 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    21:15:12.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853b52f0]
    21:15:12.359 3 CLASSPNP.SYS[823358b3] -> nt!IofCallDriver -> [0x84e4f4d0]
    21:15:12.360 5 acpi.sys[822126bc] -> nt!IofCallDriver -> \Device\00000055[0x84ec15f8]
    21:15:13.887 AVAST engine scan C:\Windows
    21:15:17.371 AVAST engine scan C:\Windows\system32
    21:16:02.690 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
    21:18:23.690 AVAST engine scan C:\Windows\system32\drivers
    21:18:37.436 AVAST engine scan C:\Users\Dawon
    21:24:42.899 AVAST engine scan C:\ProgramData
    21:28:32.944 Scan finished successfully
    21:29:49.400 Disk 0 MBR has been saved successfully to "C:\Users\Dawon\Desktop\SercurityStuff\MBR.dat"
    21:29:49.410 The log file has been saved successfully to "C:\Users\Dawon\Desktop\SercurityStuff\aswMBR.txt"

    Bootkit Remover log file


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: 6e1c385735071a353ec369fd572116f3

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...

    *While attempting to run the boot cleaner I get the following warning message:
    "ATA_Pass_Through_Direct is not supported by your disk controller"
    "SCSI_Pass_Through_Direct will be use for disk I/O"

    After I click OK then I guess it does its thing.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,666   +267

    Please download and run ListParts by Farbar (for 32-bit system) to your desktop.

    Please download and run ListParts64 by Farbar (for 64-bit system) to your desktop.

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  7. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    ListParts log

    ListParts by Farbar Version: 12-03-2012 03
    Ran by Dawon (administrator) on 20-03-2012 at 22:04:21
    Windows Vista (X86)
    Running From: C:\Users\Dawon\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 28%
    Total physical RAM: 3005.76 MB
    Available physical RAM: 2135.58 MB
    Total Pagefile: 7419.19 MB
    Available Pagefile: 6151.3 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1965.1 MB

    ======================= Partitions =========================

    1 Drive c: (COMPAQ) (Fixed) (Total:286.94 GB) (Free:182.24 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.15 GB) (Free:1.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 287 GB 32 KB
    Partition 2 Primary 11 GB 287 GB
    Partition 3 Primary 2544 KB 298 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C COMPAQ NTFS Partition 287 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D FACTORY_IMA NTFS Partition 11 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    ****** End Of Log ******
     
  8. Broni

    Broni Malware Annihilator Posts: 47,666   +267

    WARNING!
    Proceed with extreme caution!
    Deleting wrong partition will result with your computer being unusable.
    If you have any doubts, ask.



    Download GETxPUD.exe to the desktop of your clean computer

    • Double click on GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
    • Insert blank CD into your CD drive.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Boot bad computer from the CD
    • Click Menu then Terminal Emulator
    • Type parted /dev/sda set 1 boot on
    • Press Enter
    • Type parted /dev/sda rm 3
    • Press Enter
    • Remove xPUD CD, reboot, run aswMBR and post the log
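    To make the partition step above concrete, here is an added example; it is not code from this thread or from aswMBR, Bootkit Remover, ListParts or any other tool named here. It parses a 512-byte MBR image such as the MBR.dat that aswMBR saves, reports the bootstrap-code MD5 (the value Bootkit Remover prints), lists the four partition-table entries, and flags the pattern ListParts reported for Partition 3: a hidden partition type (0x17), a tiny size and no active flag. The sample MBR is constructed inline to mirror the layout in the logs (offsets 63, 601762770 and 625137345, with sector counts derived from them); the 64 MB size threshold and the list of "hidden" type bytes are my own assumptions, not something the thread states.

```python
"""Inspect a 512-byte MBR image and flag bootkit-style hidden partitions.

Added example for this thread, not code from any tool named in it.  The
sample MBR is constructed to mirror the partition layout in the logs.
"""
import hashlib
import struct

SECTOR = 512
MBR_SIZE = 512
TABLE_OFFSET = 446        # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510    # trailing 0x55 0xAA

# Partition-type bytes conventionally used for hidden filesystems
# (assumed list; 0x17 is "hidden HPFS/NTFS", the type seen in the logs).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

# A hidden partition this small with no volume is worth a look; the
# threshold is an assumption for this example, not a standard.
SMALL_PARTITION_SECTORS = 64 * 1024 * 1024 // SECTOR   # 64 MB


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code MD5, signature validity and the non-empty entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, off)
        if ptype == 0:
            continue                      # empty slot
        entries.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(mbr[:TABLE_OFFSET]).hexdigest(),
        "valid_signature": mbr[SIGNATURE_OFFSET:] == b"\x55\xAA",
        "partitions": entries,
    }


def suspicious_partitions(parsed: dict) -> list:
    """Indices of hidden, tiny, non-active partitions (the pattern in the logs)."""
    return [p["index"] for p in parsed["partitions"]
            if p["hidden"] and not p["active"]
            and p["sectors"] <= SMALL_PARTITION_SECTORS]


def read_mbr_file(path: str) -> bytes:
    """Read the first 512 bytes of a saved MBR image such as MBR.dat."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed MBR matching the aswMBR/ListParts layout from the thread."""
    # (status, type, lba_start, sector_count); CHS fields are left zero
    layout = [
        (0x80, 0x07, 63,        601762707),   # C:, active, ~293829 MB
        (0x00, 0x07, 601762770, 23374575),    # D: factory image, ~11413 MB
        (0x00, 0x17, 625137345, 5088),        # hidden NTFS, 2544 KB
        (0x00, 0x00, 0,         0),           # empty slot
    ]
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for status, ptype, start, count in layout)
    boot_code = b"\x00" * TABLE_OFFSET        # placeholder for real x86 boot code
    return boot_code + table + b"\x55\xAA"


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print("boot code MD5:", report["boot_code_md5"],
          "| signature ok:", report["valid_signature"])
    for p in report["partitions"]:
        print(f"Partition {p['index']}: type {p['type']:02X} active={p['active']} "
              f"hidden={p['hidden']} start={p['lba_start']} size={p['size_mb']} MB")
    print("suspicious:", suspicious_partitions(report))
```

    Run against a real MBR.dat with `parse_mbr(read_mbr_file("MBR.dat"))`. The point of the check is the same one ListParts makes: a hidden, non-bootable partition of a couple of megabytes with no volume attached is not something a vendor or Windows installer creates, which is why the instructions above remove entry 3 and re-mark entry 1 as the boot partition.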
     
  9. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    What exactly do you mean by, "to the desktop of my clean computer?"
    You mean the one that I'm trying to fix right now?
     
  10. Broni

    Broni Malware Annihilator Posts: 47,666   +267

    It'd be better to create the above CD on another working computer but if you don't have one use the one we've been working on.
     
  11. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    aswMBR log


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-20 21:12:47
    -----------------------------
    21:12:47.074 OS Version: Windows 6.0.6002 Service Pack 2
    21:12:47.074 Number of processors: 2 586 0x6B02
    21:12:47.077 ComputerName: DAWON-PC UserName: Dawon
    21:12:48.544 Initialize success
    21:14:20.429 AVAST engine defs: 12032000
    21:14:32.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
    21:14:32.645 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    21:14:32.668 Disk 0 MBR read successfully
    21:14:32.679 Disk 0 MBR scan
    21:14:32.702 Disk 0 unknown MBR code
    21:14:32.714 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293829 MB offset 63
    21:14:32.754 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11413 MB offset 601762770
    21:14:32.782 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 625137345
    21:14:32.797 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
    21:14:32.806 Disk 0 scanning sectors +625142432
    21:14:32.868 Disk 0 scanning C:\Windows\system32\drivers
    21:14:43.697 Service scanning
    21:15:07.613 Modules scanning
    21:15:12.341 Disk 0 trace - called modules:
    21:15:12.357 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    21:15:12.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853b52f0]
    21:15:12.359 3 CLASSPNP.SYS[823358b3] -> nt!IofCallDriver -> [0x84e4f4d0]
    21:15:12.360 5 acpi.sys[822126bc] -> nt!IofCallDriver -> \Device\00000055[0x84ec15f8]
    21:15:13.887 AVAST engine scan C:\Windows
    21:15:17.371 AVAST engine scan C:\Windows\system32
    21:16:02.690 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
    21:18:23.690 AVAST engine scan C:\Windows\system32\drivers
    21:18:37.436 AVAST engine scan C:\Users\Dawon
    21:24:42.899 AVAST engine scan C:\ProgramData
    21:28:32.944 Scan finished successfully
    21:29:49.400 Disk 0 MBR has been saved successfully to "C:\Users\Dawon\Desktop\SercurityStuff\MBR.dat"
    21:29:49.410 The log file has been saved successfully to "C:\Users\Dawon\Desktop\SercurityStuff\aswMBR.txt"


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-20 22:53:09
    -----------------------------
    22:53:09.488 OS Version: Windows 6.0.6002 Service Pack 2
    22:53:09.488 Number of processors: 2 586 0x6B02
    22:53:09.488 ComputerName: DAWON-PC UserName: Dawon
    22:53:10.970 Initialize success
    22:53:20.081 AVAST engine defs: 12032000
    22:53:26.773 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
    22:53:26.773 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    22:53:26.804 Disk 0 MBR read successfully
    22:53:26.820 Disk 0 MBR scan
    22:53:26.835 Disk 0 unknown MBR code
    22:53:26.835 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293829 MB offset 63
    22:53:26.898 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11413 MB offset 601762770
    22:53:26.913 Disk 0 scanning sectors +625137345
    22:53:27.038 Disk 0 scanning C:\Windows\system32\drivers
    22:53:48.124 Service scanning
    22:54:19.365 Modules scanning
    22:54:24.637 Disk 0 trace - called modules:
    22:54:24.681 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    22:54:24.697 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853b2060]
    22:54:24.707 3 CLASSPNP.SYS[8073a8b3] -> nt!IofCallDriver -> [0x84ec97c8]
    22:54:24.716 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\00000055[0x84ec9c90]
    22:54:26.387 AVAST engine scan C:\Windows
    22:54:30.837 AVAST engine scan C:\Windows\system32
    22:55:24.726 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
    22:58:40.519 AVAST engine scan C:\Windows\system32\drivers
    22:59:28.019 AVAST engine scan C:\Users\Dawon
    23:06:30.233 AVAST engine scan C:\ProgramData
    23:07:50.681 Disk 0 MBR has been saved successfully to "C:\Users\Dawon\Desktop\SercurityStuff\MBR.dat"
    23:07:50.696 The log file has been saved successfully to "C:\Users\Dawon\Desktop\SercurityStuff\aswMBR.txt"
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,666   +267

    Good job :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    When I run Combofix it displays a message that it cannot run because I have CA antivirus installed, but I don't have CA installed. I had it once before a couple of years ago but I'm not sure what file it thinks is CA Antivirus.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,666   +267

    If it's just a warning and it'll run, run it.
     
  15. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    It won't run, it just closes out. Here is the message:

    Warning:
    Combofix cannot run when CA Anti-virus is installed. Please uninstall CA Anti-virus or use another tool.

    The only option it gives me is to click ok, or I can click the 'x' and close the window out. Either way, the tool closes out. Strange because I no longer have CA Anti-virus.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,666   +267

    Try safe mode.
     
  17. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    Ok, just tried it in safe mode and I still get the same message. Earlier I found a CA fix for the issue of uninstalling all of their software, because unfortunately there's no complete uninstall on their program, but the fix didn't seem to work either.
     
  18. Broni

    Broni Malware Annihilator Posts: 47,666   +267

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    OTL log - part 1


    OTL logfile created on: 3/21/2012 12:08:39 AM - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Dawon\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.94 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 81.91% Memory free
    7.25 Gb Paging File | 6.74 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): c:\pagefile.sys 4507 4507 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 286.94 Gb Total Space | 181.97 Gb Free Space | 63.42% Space Free | Partition Type: NTFS
    Drive D: | 11.15 Gb Total Space | 1.53 Gb Free Space | 13.72% Space Free | Partition Type: NTFS

    Computer Name: DAWON-PC | User Name: Dawon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/31 14:14:36 | 000,421,208 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2005/02/23 16:56:14 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/04/21 17:54:40 | 000,347,024 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
    MOD - [2011/04/21 17:54:40 | 000,179,088 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
    MOD - [2011/04/21 17:54:40 | 000,046,480 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (VQYLZES)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - File not found [On_Demand | Stopped] -- -- (MPUW)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/11/18 13:48:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2005/02/23 16:56:14 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rootrepeal)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl9900cb84)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
    DRV - [2011/08/03 06:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/03/16 19:00:08 | 000,032,672 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
    DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/06/06 14:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2008/06/06 14:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/02/12 10:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
    DRV - [2007/03/26 21:37:52 | 000,206,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
    DRV - [2007/01/30 21:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
    IE - HKLM\..\SearchScopes\{293B6F50-4C29-402E-994F-5F895838E224}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
    IE - HKLM\..\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{293B6F50-4C29-402E-994F-5F895838E224}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{2BF3535E-BDB0-45E4-B986-EA9F938C7A03}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{7ECCE87F-E9EB-432A-A65B-A656BA35F4F7}: "URL" = http://search.comcast.net/search?cat=Web&con=ie7&q={searchTerms}
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
    FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dawon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2012/02/13 19:14:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2012/02/13 19:14:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/30 11:11:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/13 19:14:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/13 19:14:37 | 000,000,000 | ---D | M]

    [2009/10/24 21:03:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Extensions
    [2009/10/24 21:03:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
    [2012/02/14 23:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions
    [2010/06/23 13:34:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(102)
    [2010/07/27 13:11:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(589)
    [2012/02/14 23:54:55 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\plugin@yontoo.com
    [2012/02/13 19:14:49 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\searchtoolbar@zugo.com
    [2010/06/23 13:34:27 | 000,000,000 | -H-D | M] (FastestFox) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\smarterwiki@wikiatic(101).com
    [2011/03/01 20:59:59 | 000,001,919 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\bing-zugo.xml
    [2007/10/25 11:46:32 | 000,004,946 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\comcast.xml
    [2012/03/19 15:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2012/03/19 15:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2012/01/30 11:11:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2009/07/28 20:55:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/09/13 21:19:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/03/19 15:50:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/13 21:18:58 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2008/12/01 11:50:26 | 000,004,946 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

    ========== Chrome ==========
     
  20. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    part 2


    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Native Client (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Dawon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
    CHR - Extension: DivX HiQ = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: Facebook News Ticker Remover = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak\1.3_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
    CHR - Extension: Gmail = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
    O4 - HKU\S-1-5-21-2150334436-476888621-3169721696-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
    O4 - HKU\S-1-5-21-2150334436-476888621-3169721696-1000..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe (IObit)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D203F38-2A3A-4B6A-9DD0-1C25CCD3DD90}: DhcpNameServer = 192.168.15.1
    O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
    O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/04 13:31:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\Shell - "" = AutoRun
    O33 - MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\Shell\AutoRun\command - "" = F:\autoplay.exe
    O33 - MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\Shell - "" = AutoRun
    O33 - MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\Shell\AutoRun\command - "" = F:\autoplay.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.MP42 - MPG4C32.dll File not found
    Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/21 00:03:49 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
    [2012/03/20 23:18:29 | 004,441,698 | R--- | C] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
    [2012/03/20 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Dawon\Desktop\GETxPUD
    [2012/03/20 21:53:04 | 006,600,192 | ---- | C] (Mirage Systems) -- C:\Windows\System32\LicProtector310.exe
    [2012/03/20 21:53:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}
    [2012/03/20 21:53:03 | 002,323,520 | ---- | C] (gdpicture.com) -- C:\Windows\System32\gdpicturepro5.ocx
    [2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\PackageAware
    [2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\Free File Opener
    [2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free File Opener
    [2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Free File Opener
    [2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Free File Opener
    [2012/03/20 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
    [2012/03/20 15:37:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dawon\Desktop\dds.scr
    [2012/03/20 12:47:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
    [2012/03/19 21:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2012/03/19 21:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
    [2012/03/19 21:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2012/03/19 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Roaming\Philipp Winterberg
    [2012/03/19 18:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR File Open Knife - Free Opener
    [2012/03/19 18:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\RAR File Open Knife - Free Opener
    [2012/03/19 17:39:57 | 000,000,000 | -H-D | C] -- C:\Config.msi
    [2012/03/19 17:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
    [2012/03/19 17:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/19 16:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2012/03/19 16:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/03/19 16:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/03/19 16:36:18 | 000,000,000 | ---D | C] -- C:\MGtools
    [2012/03/19 16:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/19 16:30:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/19 16:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/19 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Dawon\Desktop\SercurityStuff
    [2012/03/19 10:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/03/19 10:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/03/17 17:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/03/17 17:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/02/27 22:07:01 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\RockMelt
    [2012/02/23 15:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Localphone
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
    [2012/03/21 00:00:26 | 000,665,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/21 00:00:26 | 000,124,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/20 23:56:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/20 23:56:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/20 23:56:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/20 23:56:02 | 3152,515,072 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/20 23:49:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/03/20 23:19:33 | 000,002,587 | ---- | M] () -- C:\Users\Dawon\Desktop\Microsoft Office Word 2007.lnk
    [2012/03/20 23:18:39 | 004,441,698 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
    [2012/03/20 22:17:00 | 000,497,272 | ---- | M] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
    [2012/03/20 22:04:01 | 000,304,845 | ---- | M] () -- C:\Users\Dawon\Desktop\ListParts.exe
    [2012/03/20 21:53:04 | 000,000,812 | ---- | M] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk
    [2012/03/20 21:53:04 | 000,000,788 | ---- | M] () -- C:\Users\Dawon\Desktop\Free File Opener.lnk
    [2012/03/20 21:33:37 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Dawon\Desktop\boot_cleaner.exe
    [2012/03/20 21:32:38 | 000,044,607 | ---- | M] () -- C:\Users\Dawon\Desktop\bootkit_remover.zip
    [2012/03/20 15:37:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\dds.scr
    [2012/03/20 13:33:13 | 000,302,592 | ---- | M] () -- C:\Users\Dawon\Desktop\tykegnrd.exe
    [2012/03/20 12:47:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
    [2012/03/19 20:35:46 | 000,003,416 | ---- | M] () -- C:\Users\Dawon\Documents\cc_20120319_203543.reg
    [2012/03/19 20:05:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/03/19 16:39:31 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/03/19 16:36:22 | 000,039,862 | ---- | M] () -- C:\MGlogs.zip
    [2012/03/19 16:30:37 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/19 16:20:03 | 000,002,088 | ---- | M] () -- C:\Users\Dawon\Desktop\Google Chrome.lnk
    [2012/03/19 16:20:03 | 000,002,050 | ---- | M] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/03/19 16:01:59 | 000,000,000 | ---- | M] () -- C:\Users\Dawon\defogger_reenable
    [2012/03/19 10:32:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/03/19 10:31:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/03/18 22:02:04 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/03/17 17:14:19 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/03/16 23:25:25 | 000,334,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/03/16 23:02:05 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2012/03/08 23:47:47 | 003,909,679 | ---- | M] () -- C:\Users\Dawon\Desktop\tdsskiller.zip
    [2012/03/01 15:57:53 | 000,137,216 | ---- | M] () -- C:\Users\Dawon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/27 16:02:27 | 000,014,632 | ---- | M] () -- C:\Users\Dawon\Documents\cc_20120227_150224.reg
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/20 23:56:02 | 3152,515,072 | -HS- | C] () -- C:\hiberfil.sys
    [2012/03/20 22:16:59 | 000,497,272 | ---- | C] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
    [2012/03/20 22:04:00 | 000,304,845 | ---- | C] () -- C:\Users\Dawon\Desktop\ListParts.exe
    [2012/03/20 21:53:04 | 000,000,812 | ---- | C] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk
    [2012/03/20 21:53:04 | 000,000,788 | ---- | C] () -- C:\Users\Dawon\Desktop\Free File Opener.lnk
    [2012/03/20 21:32:38 | 000,044,607 | ---- | C] () -- C:\Users\Dawon\Desktop\bootkit_remover.zip
    [2012/03/20 13:33:13 | 000,302,592 | ---- | C] () -- C:\Users\Dawon\Desktop\tykegnrd.exe
    [2012/03/19 20:35:45 | 000,003,416 | ---- | C] () -- C:\Users\Dawon\Documents\cc_20120319_203543.reg
    [2012/03/19 18:50:32 | 000,472,064 | ---- | C] ( ) -- C:\Users\Dawon\Desktop\RootRepeal.exe
    [2012/03/19 16:36:22 | 000,039,862 | ---- | C] () -- C:\MGlogs.zip
    [2012/03/19 16:30:37 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/19 16:21:13 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/03/19 16:01:59 | 000,000,000 | ---- | C] () -- C:\Users\Dawon\defogger_reenable
    [2012/03/17 17:14:19 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/27 16:02:25 | 000,014,632 | ---- | C] () -- C:\Users\Dawon\Documents\cc_20120227_150224.reg
    [2012/02/13 16:46:37 | 000,000,304 | ---- | C] () -- C:\ProgramData\~xR088cMiciJQkt
    [2012/02/13 16:46:37 | 000,000,208 | ---- | C] () -- C:\ProgramData\~xR088cMiciJQktr
    [2012/02/13 16:46:35 | 000,000,440 | ---- | C] () -- C:\ProgramData\xR088cMiciJQkt
    [2012/01/24 21:14:34 | 015,028,931 | ---- | C] () -- C:\Program Files\bibjam80.zip
    [2011/10/14 13:11:40 | 000,025,140 | -H-- | C] () -- C:\Users\Dawon\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/09/24 11:26:40 | 000,017,408 | -H-- | C] () -- C:\Users\Dawon\AppData\Local\WebpageIcons.db
    [2011/06/14 00:22:10 | 000,000,011 | ---- | C] () -- C:\Windows\System32\ONBV2VER.INI
    [2011/06/14 00:22:09 | 000,000,364 | ---- | C] () -- C:\Windows\ONBLV2CL.INI
    [2011/06/14 00:20:35 | 000,003,375 | ---- | C] () -- C:\Windows\ONBRV2CL.INI
    [2011/04/22 16:32:53 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
    [2011/04/22 16:32:52 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
    [2011/04/14 14:47:43 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011/03/19 12:33:21 | 000,000,033 | ---- | C] () -- C:\Windows\EasyRip.ini
    [2011/03/01 20:10:59 | 000,000,225 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/12/30 20:57:39 | 000,000,058 | -H-- | C] () -- C:\Windows\popcreg.dat
    [2010/12/30 20:57:39 | 000,000,020 | ---- | C] () -- C:\Windows\popcinfot.dat
    [2010/07/30 11:13:44 | 000,000,036 | -H-- | C] () -- C:\Users\Dawon\AppData\Local\housecall.guid.cache
    [2010/06/29 20:32:06 | 000,000,112 | ---- | C] () -- C:\ProgramData\40Et2gh.dat

    ========== LOP Check ==========

    [2010/03/12 01:06:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Dawon-PC\AppData\Roaming\CallingID
    [2010/06/25 09:16:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Dawon-PC\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/04/27 12:14:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Dawon-PC\AppData\Roaming\IObit
    [2012/02/23 16:11:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Dawon-PC\AppData\Roaming\Linphone
    [2011/02/07 14:31:15 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\.purple
    [2010/03/23 22:55:26 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Acronis
    [2010/08/24 12:31:14 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Amazon
    [2011/04/08 20:39:42 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Any Video Converter
    [2010/08/20 12:42:37 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\BitZipper
    [2010/10/20 01:43:15 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\CallingID
    [2010/06/23 12:42:06 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\ChromePlus
    [2012/02/14 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\DriverCure
    [2011/11/28 13:12:54 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Dropbox
    [2010/04/01 15:46:05 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\EuroTalk
    [2009/11/15 09:13:32 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Flock
    [2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\GetRightToGo
    [2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\GHISLER
    [2010/08/20 12:36:57 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\gnupg
    [2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\gtk-2.0
    [2010/07/26 13:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\InfraRecorder
    [2012/03/19 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\IObit
    [2009/03/03 15:34:59 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\iWin
    [2011/06/22 10:47:59 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Linphone
    [2011/07/13 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\OpenCandy
    [2011/11/28 13:24:15 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Opera
    [2010/11/15 21:17:19 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\PC Suite
    [2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\PC-FAX TX
    [2012/03/19 18:49:51 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Philipp Winterberg
    [2008/09/22 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\PictureMover
    [2009/01/02 01:14:45 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\PlayFirst
    [2008/11/05 18:24:28 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\ScanSoft
    [2009/06/25 12:37:25 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Skinux
    [2012/02/14 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\SpeedyPC Software
    [2009/01/13 14:02:07 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Systweak
    [2009/05/06 16:31:40 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Template
    [2008/09/30 14:30:17 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\ubi.com
    [2011/02/24 12:43:47 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WeatherBug
    [2009/01/01 22:12:18 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WildTangent
    [2008/09/23 14:41:42 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WinBatch
    [2011/06/30 16:58:01 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Windows Live Writer
    [2009/09/24 22:16:51 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\YouSendIt
    [2011/06/03 13:43:38 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
    [2011/06/03 13:43:38 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
    [2010/06/20 20:03:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\CallingID
    [2009/11/08 22:35:23 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Flock
    [2011/03/31 11:49:45 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Skinux
    [2011/06/03 13:43:38 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\IObit
    [2010/07/29 23:08:07 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
    [2012/03/20 23:49:33 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/10/28 17:20:19 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2008/08/04 13:31:03 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/08/04 13:59:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/07/26 14:58:22 | 000,250,473 | ---- | M] () -- C:\boyle1e_student_project_files-1 (4).7z
    [2009/01/21 01:28:02 | 000,036,947 | ---- | M] () -- C:\caavsetupLog.txt
    [2012/03/19 19:33:38 | 009,709,754 | ---- | M] () -- C:\caisslog.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/03/05 19:35:47 | 000,000,079 | ---- | M] () -- C:\DVDPATH.TXT
    [2009/11/21 00:57:38 | 000,000,250 | ---- | M] () -- C:\FINIS_IT.TXT
    [2012/03/20 23:56:02 | 3152,515,072 | -HS- | M] () -- C:\hiberfil.sys
    [2008/09/30 00:42:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/02/24 12:43:37 | 000,006,702 | ---- | M] () -- C:\Live Updater_log.txt
    [2009/02/15 00:20:12 | 000,000,243 | ---- | M] () -- C:\log.html
    [2012/03/19 16:36:22 | 000,039,862 | ---- | M] () -- C:\MGlogs.zip
    [2008/09/30 00:42:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/09/22 14:37:03 | 000,000,827 | ---- | M] () -- C:\net_save.dna
    [2012/03/20 23:56:00 | 430,964,735 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/30 14:32:10 | 000,061,792 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_30.07.2010_14.31.10_log.txt
    [2011/05/25 21:42:28 | 000,060,906 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_25.05.2011_21.41.55_log.txt
    [2012/02/13 18:43:50 | 000,076,410 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_13.02.2012_17.43.22_log.txt
    [2012/02/14 00:37:48 | 000,076,924 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_13.02.2012_23.36.51_log.txt
    [2012/02/17 23:23:31 | 000,075,352 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_17.02.2012_22.22.22_log.txt
    [2012/03/08 23:37:30 | 000,074,588 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_08.03.2012_22.37.10_log.txt
    [2012/02/13 18:19:25 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_13.02.2012_17.19.22_log.txt
    [2012/02/14 00:36:07 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_13.02.2012_23.36.01_log.txt
    [2012/02/14 15:21:23 | 000,149,276 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_14.02.2012_14.16.19_log.txt
    [2012/03/17 01:12:15 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.2.0_17.03.2012_01.12.10_log.txt
    [2012/03/17 01:25:58 | 000,297,724 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_17.03.2012_01.12.41_log.txt
    [2008/09/30 15:26:32 | 000,000,011 | ---- | M] () -- C:\trace.ini

    < %systemroot%\Fonts\*.com >
    [2010/08/02 11:39:32 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2010/08/02 11:39:32 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2010/08/02 11:39:32 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/08/02 11:39:33 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2001/11/20 15:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\Windows\system32\spool\prtprocs\w32x86\ppbiPr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2012/01/24 21:15:17 | 015,028,931 | ---- | M] () -- C:\Program Files\bibjam80.zip
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/20 16:55:58 | 000,000,574 | -HS- | M] () -- C:\Users\Dawon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/20 12:47:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
    [2012/03/20 21:33:37 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Dawon\Desktop\boot_cleaner.exe
    [2012/03/20 23:18:39 | 004,441,698 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
    [2012/02/13 18:19:08 | 001,161,112 | ---- | M] (Double Simple LLC) -- C:\Users\Dawon\Desktop\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe
    [2012/03/20 22:17:00 | 000,497,272 | ---- | M] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
    [2012/03/20 22:04:01 | 000,304,845 | ---- | M] () -- C:\Users\Dawon\Desktop\ListParts.exe
    [2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
    [2009/08/13 11:14:17 | 000,472,064 | ---- | M] ( ) -- C:\Users\Dawon\Desktop\RootRepeal.exe
    [2012/03/20 13:33:13 | 000,302,592 | ---- | M] () -- C:\Users\Dawon\Desktop\tykegnrd.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2010/07/29 23:08:07 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2012/03/20 23:56:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/20 23:49:33 | 000,032,650 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2009/06/17 20:00:39 | 000,070,984 | ---- | M] () -- C:\Users\Dawon\g2mdlhlpx.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/07/27 23:59:44 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/07/27 23:59:44 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2009/09/16 23:00:09 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2009/09/16 23:00:09 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/06/21 16:56:22 | 000,000,402 | -HS- | M] () -- C:\Users\Dawon\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/02/26 12:38:10 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2012/03/19 10:31:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/02/13 16:48:49 | 000,000,440 | ---- | M] () -- C:\ProgramData\xR088cMiciJQkt
    [2012/02/13 16:46:37 | 000,000,304 | ---- | M] () -- C:\ProgramData\~xR088cMiciJQkt
    [2012/02/13 16:46:37 | 000,000,208 | ---- | M] () -- C:\ProgramData\~xR088cMiciJQktr

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [1998/09/02 03:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Files - Unicode (All) ==========
    [2010/08/02 09:49:33 | 000,000,000 | -H-D | M](C:\Users\Dawon\Favorites\?¤sorted Bookmarks) -- C:\Users\Dawon\Favorites\๐¤sorted Bookmarks

    < End of report >
     
  21. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    Extras - part 1


    OTL Extras logfile created on: 3/21/2012 12:08:39 AM - Run 1
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Dawon\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.94 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 81.91% Memory free
    7.25 Gb Paging File | 6.74 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): c:\pagefile.sys 4507 4507 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 286.94 Gb Total Space | 181.97 Gb Free Space | 63.42% Space Free | Partition Type: NTFS
    Drive D: | 11.15 Gb Total Space | 1.53 Gb Free Space | 13.72% Space Free | Partition Type: NTFS

    Computer Name: DAWON-PC | User Name: Dawon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Classes\<extension>]
    .scr [@ = scrfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- Reg Error: Value error.
    https [open] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{11F54206-0AFB-4F55-B55A-6370DCEBE52F}" = rport=445 | protocol=6 | dir=out | app=system |
    "{15F5C0CE-0BFE-466E-90B5-A9DDDC302BAC}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1FEF0AC7-2555-416A-9385-26212D247CE5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{207DC617-5F4F-411D-A9AF-26A1AF9D2982}" = lport=139 | protocol=6 | dir=in | app=system |
    "{27D9FCEE-2DE2-48D4-9C14-5BDDD1AB0A8D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{343DBAD7-12DD-42FC-8562-BFBEB53C082B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{3A2B1CA2-ACB9-4B28-9E2F-F64C5E3D3693}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3CBD9E1E-740C-41BC-9FF4-514F3752FCCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{44DE0CC1-7B54-4704-9E01-93C1620F767D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{472F640B-0EEC-42A6-85D0-4CE8D25B9C45}" = rport=138 | protocol=17 | dir=out | app=system |
    "{49541609-0E90-461C-A426-A093D9FCA199}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{54CFC575-2586-4BDE-9EBB-4FB69E0F7B48}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{5B6EB375-2675-4B13-BA16-F4BB2524DE34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5F71E927-3B4B-4340-8777-ECC2F391EAE5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{6694DC23-934D-445F-8B16-FF928C82F29A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{7142DD8E-54F0-4939-8A2F-E5DE3D6E53B5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{75AB2938-BAB4-4331-8402-E4C696998524}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7CE7DEE2-44BE-4700-B654-EA129D97F81E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9EE966FF-FCCA-4A4B-9628-6035AA7D4151}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{A42E0A7E-E596-4BDB-A20C-83126F91A12B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A4D7F216-5F99-4A64-BFA1-DEAA45CFE357}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A9052AE8-EB2B-42C6-A5DB-E52E7644DDC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AA06284E-1795-4A10-BE99-40B4DE0C5E81}" = rport=137 | protocol=17 | dir=out | app=system |
    "{ACBDA73B-D570-4E78-9646-7850276E90C1}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B467A10F-48F3-4F82-88AA-DBDD4EA4BFEB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{B6C13F61-7EF0-4241-9E38-D9E173BB220D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C677DC70-48B8-4DAE-8FC5-45EF480CB258}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
    "{D87C47BA-671A-448D-96ED-C84C149FC049}" = lport=138 | protocol=17 | dir=in | app=system |
    "{DAE95DD1-AA1B-4C52-BDED-8EB224C6C65C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E4E53C35-B47B-4D4F-BB76-40869BBA1816}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{E8D59E9E-2736-47F1-A471-07D795427A60}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{F6EBFD8E-6553-4285-965B-C2C764C422FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{FB10DFDB-2A2E-4C2A-8A5F-EF99121E86DF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{FB669A80-9A76-4F75-8EED-1D0DC9A8893F}" = lport=137 | protocol=17 | dir=in | app=system |
    "{FD82AE64-9C47-462D-9CCA-A99D6F0E8728}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02B130DC-63D9-4132-8A33-A0D3BE4ABF29}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{02CBB9A9-A757-4637-A7A0-C5AA1D1C8157}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{0CDB5B44-C3FC-4198-B308-68E0E86C91CF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{16E7F1BD-59E1-4C41-8E6C-30160206234D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{1A4164AC-0E09-4279-8606-A1D0ABE4380F}" = protocol=6 | dir=in | app=c:\users\dawon\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{1CAF5247-AC48-49FC-8616-8EA1C12F2DE8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{29F67EF0-A54A-4CE1-89B7-67C45E0D1E45}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{308352F3-2A52-4B9C-9594-9918F09D969C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{3A25E49A-0902-4085-8E7B-69474069480F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{3FD6025D-7CAD-4532-BA18-9132B4EF1152}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5268C4CB-3802-455A-9B64-DA5112F5D36D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{53087A42-7663-490E-8DFA-5382B755B3A0}" = protocol=17 | dir=in | app=c:\users\dawon\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{6156E043-4D4D-4A9C-80E8-65A54BC91B14}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{6F6D1380-6CF6-42A6-971F-9D4CB2881B89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{72A94663-EE1B-4224-9F84-ACD5EDCBE427}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{78F91081-79D3-4BCF-B696-7EEEEE52C0A7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{7B2200BE-8DB8-4C9C-BF86-C1403B367FB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7C5C15F5-A11C-4924-A60C-07F8DB593518}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{7FFF93BC-4E51-43A6-9473-448543215D70}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8334F68D-CCDE-4B26-9245-9AC58F42DDD7}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "{8FF11533-DEFE-4271-A7BE-EC27976A09E4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{9C2B9CCB-0A09-446A-BE90-C82CF2D261A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{9CE4E8EA-372E-494F-87AB-62DDA09291C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A76BA5FB-D845-4DBD-938B-89D79E2F9B97}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{AAB9D846-18FF-4264-BF8A-60A2C991B06E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{AE3E0B9A-CFA7-4AF0-A871-416A32F30E87}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{AFF20ADB-FB7C-423B-9377-7F7C52CD7293}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B199423A-62DB-4DEB-A985-34556D88CBCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BB170719-B959-486E-A9AC-7619F24F3291}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C03E67FC-197C-4A4D-875C-0F13C422A8E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{C471E80F-87AC-4C5D-AA1A-003641EDD40F}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{C8B3BF95-B471-448F-B44F-DBA036E70242}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{C8E7AB52-AD31-4E8E-9005-7D499F6AEB8E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{CDDD4075-A833-4E38-852C-9DAA95360AAA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{CE89C4F7-2BD6-4B72-999A-7DC13807E95E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{D5000FA7-150D-4E50-83EC-55950C457595}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D7006C18-C67E-47ED-B8FF-C749BC8056E8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E3E79366-DB5A-4D62-88B2-CD4FFB2E4E2D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{E4FA94E5-F860-4D97-B011-E65CEFD214B3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{E6B33C8D-774A-490C-9C17-4732CA00F464}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "{E89156B2-317C-4640-A375-08103AF1FF65}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{EBBC75C5-3408-44DB-94FB-FD29508B1478}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{ED27F482-AD15-4B28-BF6A-F7FF3FA42D96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "TCP Query User{0E2627E8-7FDB-4724-B397-6B09DD66F013}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{1236F671-B9D5-4E73-9192-45CED4F577C2}C:\users\dawon\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\dawon\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{60A362B6-8DBC-4DF4-AED6-3D10A2AA8B91}C:\program files\coupons\localphone\bin\localphone-3.exe" = protocol=6 | dir=in | app=c:\program files\coupons\localphone\bin\localphone-3.exe |
    "TCP Query User{8D26C1F0-0D24-46D4-8FE7-622DDC9B958A}C:\program files\localphone\bin\localphoned.exe" = protocol=6 | dir=in | app=c:\program files\localphone\bin\localphoned.exe |
    "TCP Query User{BF5258A0-724B-4FE6-87CD-D1878D17FCF1}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{C6FCC1C8-E0DA-48A4-8826-36E3B51C4DD3}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{15A7DEB5-8C30-4EA9-BBA4-9C5C4B9F8E09}C:\program files\localphone\bin\localphoned.exe" = protocol=17 | dir=in | app=c:\program files\localphone\bin\localphoned.exe |
    "UDP Query User{1C8ADEBF-01EE-4C1F-8FCF-6BB4E887525E}C:\users\dawon\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\dawon\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{79CE2D96-F7C4-42C1-A26C-5B674F595700}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{9B11D534-44F1-4B18-8001-75F21FD5F472}C:\program files\coupons\localphone\bin\localphone-3.exe" = protocol=17 | dir=in | app=c:\program files\coupons\localphone\bin\localphone-3.exe |
    "UDP Query User{F02EB749-4E6C-40DB-8C40-71E7A4B10611}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{F4DDCCD4-9EFF-4E51-8093-F7270146FEF4}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{084CC1A4-FC1B-4DE7-89BB-A367FC6208A6}" = CA Desktop DNA Migrator
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{2C9A62F0-D1B3-4E2C-A7D9-24F38FF2A379}" = GEAR driver installer for x86 and x64
    "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D7E0120-C782-40B5-A88F-1ED52BEB3859}" = Windows Installer XML Toolset 3.0
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
     
  22. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    Extras - part 2


    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
    "{71CC8771-1F1D-3394-8F70-A5B442D20C95}" = Google Talk Plugin
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2FA012E-27C7-4308-9457-5FCFB84B0436}" = PictureMover
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.5800
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = PCI GW-US54Mini2
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
    "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced SystemCare 5_is1" = Advanced SystemCare 5
    "Byki Express" = Byki Express
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
    "CNXT_MODEM_PCIE_HSF" = PCIe Soft Voice SoftRing Modem with SmartCP
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "DivX Setup.divx.com" = DivX Setup
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "EuroTalk Talk Now Plus!" = EuroTalk Talk Now Plus!
    "Eusing Free Registry Defrag" = Eusing Free Registry Defrag
    "Free File Opener" = Free File Opener
    "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "InstallShield_{084CC1A4-FC1B-4DE7-89BB-A367FC6208A6}" = PRODUCT_NAME
    "InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Localphone_is1" = Localphone version 1.0.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Middle School Advantage 2001" = Middle School Advantage 2001
    "Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
    "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "Pidgin" = Pidgin
    "Protected Folder_is1" = Protected Folder
    "RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
    "RealPlayer 15.0" = RealPlayer
    "Recuva" = Recuva
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "Security Task Manager" = Security Task Manager 1.8d
    "Smart Defrag 2_is1" = Smart Defrag 2
    "STANDARDR" = Microsoft Office Standard 2007
    "SystemRequirementsLab" = System Requirements Lab
    "VCardExport_is1" = VCardExportTool
    "VISPRO" = Microsoft Office Visio Professional 2007
    "WildTangent hp Master Uninstall" = My HP Games
    "Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "419506f87bc706d3" = MXit EVO PC
    "American Heritage Talking Dictionary" = American Heritage Talking Dictionary
    "Google Chrome" = Google Chrome
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/20/2012 11:52:53 PM | Computer Name = Dawon-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/21/2012 12:51:12 AM | Computer Name = Dawon-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 3/21/2012 12:51:20 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files\Windows
    Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

    Error - 3/21/2012 12:51:21 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files\Windows
    Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

    Error - 3/21/2012 12:51:26 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files\Windows
    Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

    Error - 3/21/2012 12:52:06 AM | Computer Name = Dawon-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files\Windows
    Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

    Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files\Windows
    Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

    Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/21/2012 12:56:23 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files\Windows
    Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

    [ Cisco AnyConnect VPN Client Events ]
    Error - 11/17/2009 6:11:02 PM | Computer Name = Dawon-PC | Source = vpndownloader | ID = 50659329
    Description = Function: ProfileMgr::loadProfiles Return code: 0xFE000009 File: ..\Api\ProfileMgr.cpp
    Line:
    97 Description: unknown

    Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
    Description = Function: CVCMSSaxParser Return code: 0xC00CEE3B File: .\xml\MSSaxErrorHandlerImpl.cpp
    Line:
    31 Description: WINDOWS_ERROR_CODE XML Parser fatal error: The name in the end tag
    of the element must match the element type in the start tag.

    Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
    Description = Function: XmlParser::invokeParser Return code: 0xC00CEE3B File: .\xml\XmlParser.cpp
    Line:
    207 Description: WINDOWS_ERROR_CODE Error encountered during parse. C:\ProgramData\Cisco\Cisco
    AnyConnect VPN Client\Profile\DLPodAll2.xml

    Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
    Description = Function: loadProfile Return code: 0xFE000009 File: .\ProfileMgr.cpp
    Line:
    218 Description: unknown Unable to parse the profile. Host data may not available.
    : C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\Profile\DLPodAll2.xml

    Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
    Description = Function: ProfileMgr::loadProfiles Return code: 0xFE000009 File: .\ProfileMgr.cpp
    Line:
    97 Description: unknown

    Error - 11/17/2009 6:11:12 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
    Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:
    .\Certificates\CapiCertificate.cpp Line: 1793 Description: A certificate chain processed,
    but terminated in a root certificate which is not trusted by the trust provider.



    Error - 11/17/2009 6:11:12 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
    Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:
    .\Certificates\CapiCertificate.cpp Line: 1793 Description: A certificate chain processed,
    but terminated in a root certificate which is not trusted by the trust provider.



    Error - 11/17/2009 6:11:18 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
    Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
    Line:
    1279 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

    Error - 11/17/2009 6:11:18 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331669
    Description = Failed Route change: Action: AddRoute Destination: 100.1.0.0 Netmask:
    255.255.0.0 Gateway: 100.1.3.1 Interface: 100.1.3.1 Metric: 1

    Error - 11/17/2009 6:11:18 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
    Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
    Line:
    222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

    [ Media Center Events ]
    Error - 2/9/2012 5:13:50 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/9/2012 5:18:48 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
    try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
    Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/9/2012 5:22:02 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/9/2012 5:22:57 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
    try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
    Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/9/2012 10:19:12 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
    try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
    Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/10/2012 5:18:15 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
    try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
    Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/10/2012 5:19:34 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/10/2012 5:20:24 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/10/2012 5:20:41 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/10/2012 5:21:22 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    [ OSession Events ]
    Error - 5/9/2011 12:01:36 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/9/2011 3:22:39 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/24/2011 9:05:55 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/24/2011 9:06:37 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/24/2011 9:07:55 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/24/2011 9:14:30 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/3/2011 4:19:41 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12/11/2011 3:07:18 AM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12/11/2011 3:12:34 AM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12/12/2011 6:22:53 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 3/21/2012 12:56:55 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7023
    Description =


    < End of report >
     
  23. Broni

    Broni Malware Annihilator Posts: 47,666   +267

    Uninstall Advanced SystemCare 5.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2005/02/23 16:56:14 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      SRV - File not found [On_Demand | Stopped] -- -- (VQYLZES)
      SRV - File not found [On_Demand | Stopped] -- -- (MPUW)
      SRV - [2005/02/23 16:56:14 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
      DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl9900cb84)
      IE - HKLM\..\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
      IE - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
      [2011/03/01 20:59:59 | 000,001,919 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\se archplugins\bing-zugo.xml
      O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      O3 - HKU\S-1-5-21-2150334436-476888621-3169721696-1000\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
      O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
      O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - No CLSID value found.
      O33 - MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\Shell - "" = AutoRun
      O33 - MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\Shell\AutoRun\command - "" = F:\autoplay.exe
      O33 - MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\Shell - "" = AutoRun
      O33 - MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\Shell\AutoRun\command - "" = F:\autoplay.exe
      [2012/03/19 17:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
      [2012/02/13 16:46:37 | 000,000,304 | ---- | C] () -- C:\ProgramData\~xR088cMiciJQkt
      [2012/02/13 16:46:37 | 000,000,208 | ---- | C] () -- C:\ProgramData\~xR088cMiciJQktr
      [2012/02/13 16:46:35 | 000,000,440 | ---- | C] () -- C:\ProgramData\xR088cMiciJQkt
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\CA
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
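As an added example (not OTL's or the thread's own code), a small Python triage helper that classifies the kinds of OTL scan lines that went into the fix script above: services and drivers whose binary is missing, SearchScopes pointing at an unexpected provider, entries without a CLSID, ActiveX registrations with registry errors, and MountPoints2 AutoRun commands on removable drives. The sample lines, the allowlist of search hosts and all function names are constructed for this example.

```python
"""Triage of OTL scan lines: an added example, not OTL's or the thread's own code."""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input; the line shapes mirror the entries pasted into the fix script.
SAMPLE_OTL = r"""
SRV - File not found [On_Demand | Stopped] -- -- (VQYLZES)
SRV - [2005/02/23 16:56:14 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl9900cb84)
IE - HKLM\..\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O33 - MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\Shell\AutoRun\command - "" = F:\autoplay.exe
"""

# Assumed allowlist (constructed): search providers that are expected in SearchScopes.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

# SRV/DRV entry whose file no longer exists; the service name is the trailing (...) group.
ORPHAN_RE = re.compile(r"^(SRV|DRV) - File not found .*\(([^()]+)\)\s*$")
# IE search scope: hive, GUID and the provider URL.
SEARCHSCOPE_RE = re.compile(r'^IE - (\S+)\\SearchScopes\\(\{[^}]+\}): "URL" = (\S+)')
# MountPoints2 AutoRun command for a removable volume.
MOUNTPOINT_RE = re.compile(r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.+)$')
# Downloaded ActiveX control whose registry data is broken.
DPF_RE = re.compile(r"^O16 - DPF: (\S+) (\S+) \(Reg Error: [^)]*\)")


@dataclass(frozen=True)
class Finding:
    kind: str      # category of the problem
    subject: str   # service name, GUID or entry the line is about
    detail: str    # what a reviewer would want to know
    line: str      # the raw OTL line, reusable in a fix script


def triage_line(line):
    """Classify one OTL line; returns a Finding or None when nothing stands out."""
    line = line.strip()
    m = ORPHAN_RE.match(line)
    if m:
        return Finding("orphaned_service", m.group(2),
                       f"{m.group(1)} entry whose binary is missing", line)
    m = SEARCHSCOPE_RE.match(line)
    if m:
        host = urlparse(m.group(3)).hostname or ""
        if host not in KNOWN_SEARCH_HOSTS:
            return Finding("search_scope", m.group(2),
                           f"search provider points at {host}", line)
        return None
    m = MOUNTPOINT_RE.match(line)
    if m:
        return Finding("removable_autorun", m.group(1),
                       f"AutoRun command {m.group(2)}", line)
    m = DPF_RE.match(line)
    if m:
        return Finding("stale_activex", m.group(1),
                       f"ActiveX registration error for {m.group(2)}", line)
    if "No CLSID value found" in line:
        return Finding("dangling_clsid", line.split(" - No CLSID")[0],
                       "entry without a CLSID", line)
    return None


def triage_otl(text):
    """Run triage_line over a whole OTL excerpt, keeping the original line order."""
    findings = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        finding = triage_line(raw)
        if finding:
            findings.append(finding)
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(f.kind for f in findings))


def fix_script(findings):
    """Assemble the :OTL section of a fix script from the flagged lines."""
    return ":OTL\n" + "\n".join(f.line for f in findings)


if __name__ == "__main__":
    found = triage_otl(SAMPLE_OTL)
    for f in found:
        print(f"{f.kind:18} {f.subject:45} {f.detail}")
    print(summarize(found))
```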
     
  24. doowop25

    doowop25 TS Rookie Topic Starter Posts: 24

    Oh wow, you're the first I heard mention this. I was really beginning to like Advanced SystemCare. My computer takes a while to startup and I was also under the persuasion that utilities like that and CCleaner (which I also have and love) help to speed up my computer. I've uninstalled Advanced SystemCare now.


    OTL Run Fix log


    All processes killed
    ========== OTL ==========
    Process LogWatNT.exe killed successfully!
    Service VQYLZES stopped successfully!
    Service VQYLZES deleted successfully!
    Service MPUW stopped successfully!
    Service MPUW deleted successfully!
    Service LogWatch stopped successfully!
    Service LogWatch deleted successfully!
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe moved successfully.
    Service MpKsl9900cb84 stopped successfully!
    Service MpKsl9900cb84 deleted successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ not found.
    File C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\se archplugins\bing-zugo.xml not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ deleted successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll moved successfully.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ deleted successfully.
    File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ not found.
    File F:\autoplay.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ not found.
    File F:\autoplay.exe not found.
    C:\ProgramData\CA\Consumer\CCube folder moved successfully.
    C:\ProgramData\CA\Consumer folder moved successfully.
    C:\ProgramData\CA folder moved successfully.
    C:\ProgramData\~xR088cMiciJQkt moved successfully.
    C:\ProgramData\~xR088cMiciJQktr moved successfully.
    C:\ProgramData\xR088cMiciJQkt moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\CA\SharedComponents\HIPSEngine(57)\Install folder moved successfully.
    C:\Program Files\CA\SharedComponents\HIPSEngine(57) folder moved successfully.
    C:\Program Files\CA\SharedComponents\CA_LIC folder moved successfully.
    C:\Program Files\CA\SharedComponents folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\defaults\preferences folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\defaults folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\locale\en-US\callingid folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\locale\en-US folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\locale folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\content\callingid folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\content folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\components folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\tcn\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\tcn folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\sc\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\sc folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\jp\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\jp folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\it\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\it folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\fr\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\fr folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\es\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\es folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\en-US\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\en-US folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\de\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\de folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\bp\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\bp folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\content\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\content folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\defaults\preferences folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\defaults folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\locale\en-US\callingid folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\locale\en-US folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\locale folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\content\callingid folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\content folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\tcn\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\tcn folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\sc\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\sc folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\jp\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\jp folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\it\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\it folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\fr\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\fr folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\es\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\es folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\en-US\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\en-US folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\de\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\de folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\bp\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\bp folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\content\callingidlinkadvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\content folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector folder moved successfully.
    C:\Program Files\CA\CA Internet Security Suite folder moved successfully.
    C:\Program Files\CA folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: Administrator.Dawon-PC
    ->Temp folder emptied: 32848 bytes
    ->Temporary Internet Files folder emptied: 98706 bytes
    ->Java cache emptied: 3439403 bytes
    ->FireFox cache emptied: 6689413 bytes
    ->Google Chrome cache emptied: 19392315 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 502 bytes

    User: All Users

    User: Dawon
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5186478 bytes
    ->Java cache emptied: 570030 bytes
    ->FireFox cache emptied: 43106527 bytes
    ->Google Chrome cache emptied: 155435109 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 14317 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 1546278 bytes
    ->Temporary Internet Files folder emptied: 24883842 bytes
    ->Java cache emptied: 13689277 bytes
    ->FireFox cache emptied: 8332568 bytes
    ->Google Chrome cache emptied: 32953028 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2040 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 175480 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 32848 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 8275685 bytes

    Total Files Cleaned = 309.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: Administrator.Dawon-PC
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Dawon
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.Dawon-PC
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dawon
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.1 log created on 03212012_115111

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
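Triage helper for OTL logs like the ones posted in this thread. This is an added example, not something OTL ships and not anything a poster here ran: a small Python script that pulls out the lines a responder checks first in an OTL quick-scan log ("File not found" SRV/DRV entries, loaded drivers with no company name, the O6 policy values EnableLUA and NoDriveTypeAutoRun, and the O17 DHCP DNS servers) and turns them into findings. The sample log embedded in it is constructed, modelled on lines from this thread's logs; the regexes are written against the OTL 3.2 line layout seen here and are an assumption, not OTL's documented format.

```python
"""Triage helper for OTL scan logs.

Added example for this thread; it is not part of OTL and was not posted by
anyone in the thread. The regexes are written against the OTL 3.2 line formats
visible in the thread's logs (SRV/DRV, O6, O17) and are assumptions, not OTL's spec.
"""
import ipaddress
import re

# Constructed sample, modelled on the OTL quick-scan lines in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - [2011/08/03 06:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O32 - HKLM CDRom: AutoRun - 1
"""

# "File not found": the service/driver key still points at a binary that is gone.
# The path field may be empty ("-- -- (name)"), so the path is matched loosely and stripped.
ORPHAN_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] --(?P<path>.*?)-- \((?P<name>[^)]+)\)$"
)
# Loaded drivers; the "(...)" after the timestamp block is the file's company name.
LOADED_DRV_RE = re.compile(
    r"^DRV - \[[^\]]*\] \((?P<company>[^)]*)\) \[(?P<flags>[^\]]*)\] --(?P<path>.*?)-- \((?P<name>[^)]+)\)$"
)
POLICY_RE = re.compile(r"^O6 - (?P<key>\S+): (?P<value_name>\w+) = (?P<value>\d+)$")
DNS_RE = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>[\d. ]+)$")

# NoDriveTypeAutoRun is a bitmask over Windows drive types; a set bit disables AutoRun there.
AUTORUN_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk",
}


def decode_autorun(mask: int) -> dict:
    """Return {drive_type: True if AutoRun is disabled} for a NoDriveTypeAutoRun value."""
    return {name: bool(mask & bit) for bit, name in AUTORUN_BITS.items()}


def parse_otl(text: str) -> dict:
    """Pull the security-relevant entries out of an OTL log into one dict."""
    out = {"orphans": [], "no_company_drivers": [], "policies": {}, "dns": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := ORPHAN_RE.match(line):
            out["orphans"].append({
                "kind": m["kind"], "name": m["name"], "path": m["path"].strip(),
                # Boot/System/Auto start types load without user action if the file reappears.
                "auto": any(s in m["flags"] for s in ("Boot", "System", "Auto")),
            })
        elif m := LOADED_DRV_RE.match(line):
            if not m["company"].strip():
                out["no_company_drivers"].append(
                    {"name": m["name"], "path": m["path"].strip(), "flags": m["flags"]})
        elif m := POLICY_RE.match(line):
            out["policies"][m["value_name"]] = int(m["value"])
        elif m := DNS_RE.match(line):
            for server in m["servers"].split():
                if server not in out["dns"]:
                    out["dns"].append(server)
    return out


def triage(text: str) -> list:
    """Turn parsed entries into findings, highest impact first."""
    p = parse_otl(text)
    findings = []
    if p["policies"].get("EnableLUA") == 0:
        findings.append("UAC disabled (EnableLUA = 0): admin logons run with a full token, no elevation prompts")
    if "NoDriveTypeAutoRun" in p["policies"]:
        still_on = [d for d, off in decode_autorun(p["policies"]["NoDriveTypeAutoRun"]).items() if not off]
        if still_on:
            findings.append("AutoRun still allowed for drive types: " + ", ".join(still_on))
    for server in p["dns"]:
        if not ipaddress.ip_address(server).is_private:
            findings.append(f"DNS server {server} is a public address; confirm it is the ISP's, not a DNS changer")
    for d in p["no_company_drivers"]:
        findings.append(f"Driver {d['name']} at {d['path']} has no company name; check its signature/hash")
    for o in p["orphans"]:
        start = "auto-start " if o["auto"] else ""
        findings.append(f"Orphaned {start}{o['kind']} {o['name']}: binary missing ({o['path'] or 'no path'})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run it as-is to see the findings for the embedded sample, or call parse_otl() on the text of a saved OTL.Txt. Treat the "File not found" entries as cleanup items rather than proof of infection; on this kind of machine they are mostly uninstall leftovers. The EnableLUA = 0 line matters more: with UAC off, every program the logged-in administrator runs already holds a full admin token, which is all that raw write access to \\.\PhysicalDrive0 requires.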
     
  25. doowop25

    OTL Quick Scan log


    OTL logfile created on: 3/21/2012 11:58:22 AM - Run 2
    OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Dawon\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.94 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 67.61% Memory free
    7.25 Gb Paging File | 6.38 Gb Available in Paging File | 88.08% Paging File free
    Paging file location(s): c:\pagefile.sys 4507 4507 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 286.94 Gb Total Space | 177.87 Gb Free Space | 61.99% Space Free | Partition Type: NTFS
    Drive D: | 11.15 Gb Total Space | 1.53 Gb Free Space | 13.72% Space Free | Partition Type: NTFS

    Computer Name: DAWON-PC | User Name: Dawon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/18 22:35:35 | 000,444,400 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\ppgooglenaclpluginchrome.dll
    MOD - [2012/03/18 22:35:33 | 003,915,248 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\pdf.dll
    MOD - [2012/03/18 22:34:08 | 000,122,880 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\avutil-51.dll
    MOD - [2012/03/18 22:34:07 | 000,220,672 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\avformat-53.dll
    MOD - [2012/03/18 22:34:06 | 001,747,456 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\avcodec-53.dll
    MOD - [2012/03/18 21:53:06 | 008,593,056 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\gcswf32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/11/18 13:48:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rootrepeal)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
    DRV - [2011/08/03 06:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/03/16 19:00:08 | 000,032,672 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
    DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/06/06 14:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2008/06/06 14:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/02/12 10:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
    DRV - [2007/03/26 21:37:52 | 000,206,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
    DRV - [2007/01/30 21:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
    IE - HKLM\..\SearchScopes\{293B6F50-4C29-402E-994F-5F895838E224}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
    IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
    IE - HKCU\..\SearchScopes\{293B6F50-4C29-402E-994F-5F895838E224}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\..\SearchScopes\{2BF3535E-BDB0-45E4-B986-EA9F938C7A03}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
    IE - HKCU\..\SearchScopes\{7ECCE87F-E9EB-432A-A65B-A656BA35F4F7}: "URL" = http://search.comcast.net/search?cat=Web&con=ie7&q={searchTerms}
    IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
    IE - HKCU\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
    FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dawon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2012/02/13 19:14:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2012/02/13 19:14:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/30 11:11:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/13 19:14:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/13 19:14:37 | 000,000,000 | ---D | M]

    [2009/10/24 21:03:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Extensions
    [2009/10/24 21:03:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
    [2012/02/14 23:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions
    [2010/06/23 13:34:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(102)
    [2010/07/27 13:11:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(589)
    [2012/02/14 23:54:55 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\plugin@yontoo.com
    [2012/02/13 19:14:49 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\searchtoolbar@zugo.com
    [2010/06/23 13:34:27 | 000,000,000 | -H-D | M] (FastestFox) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\smarterwiki@wikiatic(101).com
    [2011/03/01 20:59:59 | 000,001,919 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\bing-zugo.xml
    [2007/10/25 11:46:32 | 000,004,946 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\comcast.xml
    [2012/03/19 15:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2012/03/19 15:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2012/01/30 11:11:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2009/07/28 20:55:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/09/13 21:19:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/03/19 15:50:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/13 21:18:58 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2008/12/01 11:50:26 | 000,004,946 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Native Client (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Dawon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
    CHR - Extension: DivX HiQ = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: Facebook News Ticker Remover = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak\1.3_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
    CHR - Extension: Gmail = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
    O4 - HKCU..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D203F38-2A3A-4B6A-9DD0-1C25CCD3DD90}: DhcpNameServer = 192.168.15.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/04 13:31:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/21 11:51:11 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/03/21 00:03:49 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
    [2012/03/20 23:18:29 | 004,441,698 | R--- | C] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
    [2012/03/20 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Dawon\Desktop\GETxPUD
    [2012/03/20 21:53:04 | 006,600,192 | ---- | C] (Mirage Systems) -- C:\Windows\System32\LicProtector310.exe
    [2012/03/20 21:53:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}
    [2012/03/20 21:53:03 | 002,323,520 | ---- | C] (gdpicture.com) -- C:\Windows\System32\gdpicturepro5.ocx
    [2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\PackageAware
    [2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\Free File Opener
    [2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free File Opener
    [2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Free File Opener
    [2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Free File Opener
    [2012/03/20 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
    [2012/03/20 15:37:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dawon\Desktop\dds.scr
    [2012/03/20 12:47:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
    [2012/03/19 21:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2012/03/19 21:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
    [2012/03/19 21:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2012/03/19 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Roaming\Philipp Winterberg
    [2012/03/19 18:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR File Open Knife - Free Opener
    [2012/03/19 18:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\RAR File Open Knife - Free Opener
    [2012/03/19 17:39:57 | 000,000,000 | -H-D | C] -- C:\Config.msi
    [2012/03/19 17:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/19 16:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2012/03/19 16:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/03/19 16:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/03/19 16:36:18 | 000,000,000 | ---D | C] -- C:\MGtools
    [2012/03/19 16:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/19 16:30:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/19 16:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/19 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Dawon\Desktop\SercurityStuff
    [2012/03/19 10:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/03/19 10:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/03/17 17:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/03/17 17:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/02/27 22:07:01 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\RockMelt
    [2012/02/23 15:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Localphone

    ========== Files - Modified Within 30 Days ==========

    [2012/03/21 11:58:17 | 000,665,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/21 11:58:17 | 000,124,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/21 11:54:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/21 11:54:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/21 11:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/21 11:53:51 | 3152,412,672 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/21 11:51:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
    [2012/03/20 23:19:33 | 000,002,587 | ---- | M] () -- C:\Users\Dawon\Desktop\Microsoft Office Word 2007.lnk
    [2012/03/20 23:18:39 | 004,441,698 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
    [2012/03/20 22:17:00 | 000,497,272 | ---- | M] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
    [2012/03/20 22:04:01 | 000,304,845 | ---- | M] () -- C:\Users\Dawon\Desktop\ListParts.exe
    [2012/03/20 21:53:04 | 000,000,812 | ---- | M] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk
    [2012/03/20 21:53:04 | 000,000,788 | ---- | M] () -- C:\Users\Dawon\Desktop\Free File Opener.lnk
    [2012/03/20 21:33:37 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Dawon\Desktop\boot_cleaner.exe
    [2012/03/20 21:32:38 | 000,044,607 | ---- | M] () -- C:\Users\Dawon\Desktop\bootkit_remover.zip
    [2012/03/20 15:37:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\dds.scr
    [2012/03/20 13:33:13 | 000,302,592 | ---- | M] () -- C:\Users\Dawon\Desktop\tykegnrd.exe
    [2012/03/20 12:47:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
    [2012/03/19 20:35:46 | 000,003,416 | ---- | M] () -- C:\Users\Dawon\Documents\cc_20120319_203543.reg
    [2012/03/19 20:05:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/03/19 16:39:31 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/03/19 16:36:22 | 000,039,862 | ---- | M] () -- C:\MGlogs.zip
    [2012/03/19 16:30:37 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/19 16:20:03 | 000,002,088 | ---- | M] () -- C:\Users\Dawon\Desktop\Google Chrome.lnk
    [2012/03/19 16:20:03 | 000,002,050 | ---- | M] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/03/19 16:01:59 | 000,000,000 | ---- | M] () -- C:\Users\Dawon\defogger_reenable
    [2012/03/19 10:32:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/03/19 10:31:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/03/18 22:02:04 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/03/17 17:14:19 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/03/16 23:25:25 | 000,334,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/03/16 23:02:05 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2012/03/08 23:47:47 | 003,909,679 | ---- | M] () -- C:\Users\Dawon\Desktop\tdsskiller.zip
    [2012/03/01 15:57:53 | 000,137,216 | ---- | M] () -- C:\Users\Dawon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/27 16:02:27 | 000,014,632 | ---- | M] () -- C:\Users\Dawon\Documents\cc_20120227_150224.reg

    ========== Files Created - No Company Name ==========

    [2012/03/20 23:56:02 | 3152,412,672 | -HS- | C] () -- C:\hiberfil.sys
    [2012/03/20 22:16:59 | 000,497,272 | ---- | C] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
    [2012/03/20 22:04:00 | 000,304,845 | ---- | C] () -- C:\Users\Dawon\Desktop\ListParts.exe
    [2012/03/20 21:53:04 | 000,000,812 | ---- | C] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk
    [2012/03/20 21:53:04 | 000,000,788 | ---- | C] () -- C:\Users\Dawon\Desktop\Free File Opener.lnk
    [2012/03/20 21:32:38 | 000,044,607 | ---- | C] () -- C:\Users\Dawon\Desktop\bootkit_remover.zip
    [2012/03/20 13:33:13 | 000,302,592 | ---- | C] () -- C:\Users\Dawon\Desktop\tykegnrd.exe
    [2012/03/19 20:35:45 | 000,003,416 | ---- | C] () -- C:\Users\Dawon\Documents\cc_20120319_203543.reg
    [2012/03/19 18:50:32 | 000,472,064 | ---- | C] ( ) -- C:\Users\Dawon\Desktop\RootRepeal.exe
    [2012/03/19 16:36:22 | 000,039,862 | ---- | C] () -- C:\MGlogs.zip
    [2012/03/19 16:30:37 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/19 16:21:13 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/03/19 16:01:59 | 000,000,000 | ---- | C] () -- C:\Users\Dawon\defogger_reenable
    [2012/03/17 17:14:19 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/27 16:02:25 | 000,014,632 | ---- | C] () -- C:\Users\Dawon\Documents\cc_20120227_150224.reg
    [2012/01/24 21:14:34 | 015,028,931 | ---- | C] () -- C:\Program Files\bibjam80.zip
    [2011/10/14 13:11:40 | 000,025,140 | -H-- | C] () -- C:\Users\Dawon\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/09/24 11:26:40 | 000,017,408 | -H-- | C] () -- C:\Users\Dawon\AppData\Local\WebpageIcons.db
    [2011/06/14 00:22:10 | 000,000,011 | ---- | C] () -- C:\Windows\System32\ONBV2VER.INI
    [2011/06/14 00:22:09 | 000,000,364 | ---- | C] () -- C:\Windows\ONBLV2CL.INI
    [2011/06/14 00:20:35 | 000,003,375 | ---- | C] () -- C:\Windows\ONBRV2CL.INI
    [2011/04/22 16:32:53 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
    [2011/04/22 16:32:52 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
    [2011/04/14 14:47:43 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011/03/19 12:33:21 | 000,000,033 | ---- | C] () -- C:\Windows\EasyRip.ini
    [2011/03/01 20:10:59 | 000,000,225 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/12/30 20:57:39 | 000,000,058 | -H-- | C] () -- C:\Windows\popcreg.dat
    [2010/12/30 20:57:39 | 000,000,020 | ---- | C] () -- C:\Windows\popcinfot.dat
    [2010/07/30 11:13:44 | 000,000,036 | -H-- | C] () -- C:\Users\Dawon\AppData\Local\housecall.guid.cache
    [2010/06/29 20:32:06 | 000,000,112 | ---- | C] () -- C:\ProgramData\40Et2gh.dat

    ========== LOP Check ==========

    [2011/02/07 14:31:15 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\.purple
    [2010/03/23 22:55:26 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Acronis
    [2010/08/24 12:31:14 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Amazon
    [2011/04/08 20:39:42 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Any Video Converter
    [2010/08/20 12:42:37 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\BitZipper
    [2010/10/20 01:43:15 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\CallingID
    [2010/06/23 12:42:06 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\ChromePlus
    [2012/02/14 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\DriverCure
    [2011/11/28 13:12:54 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Dropbox
    [2010/04/01 15:46:05 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\EuroTalk
    [2009/11/15 09:13:32 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Flock
    [2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\GetRightToGo
    [2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\GHISLER
    [2010/08/20 12:36:57 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\gnupg
    [2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\gtk-2.0
    [2010/07/26 13:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\InfraRecorder
    [2012/03/19 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\IObit
    [2009/03/03 15:34:59 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\iWin
    [2011/06/22 10:47:59 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Linphone
    [2011/07/13 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\OpenCandy
    [2011/11/28 13:24:15 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Opera
    [2010/11/15 21:17:19 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\PC Suite
    [2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\PC-FAX TX
    [2012/03/19 18:49:51 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Philipp Winterberg
    [2008/09/22 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\PictureMover
    [2009/01/02 01:14:45 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\PlayFirst
    [2008/11/05 18:24:28 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\ScanSoft
    [2009/06/25 12:37:25 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Skinux
    [2012/02/14 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\SpeedyPC Software
    [2009/01/13 14:02:07 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Systweak
    [2009/05/06 16:31:40 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Template
    [2008/09/30 14:30:17 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\ubi.com
    [2011/02/24 12:43:47 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WeatherBug
    [2009/01/01 22:12:18 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WildTangent
    [2008/09/23 14:41:42 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WinBatch
    [2011/06/30 16:58:01 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Windows Live Writer
    [2009/09/24 22:16:51 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\YouSendIt
    [2010/07/29 23:08:07 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
    [2012/03/21 11:51:38 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >