Cannot remove MBR: Alureo rootkit from Vista

Extras - part 1


OTL Extras logfile created on: 3/21/2012 12:08:39 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Dawon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 81.91% Memory free
7.25 Gb Paging File | 6.74 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 4507 4507 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 181.97 Gb Free Space | 63.42% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.53 Gb Free Space | 13.72% Space Free | Partition Type: NTFS

Computer Name: DAWON-PC | User Name: Dawon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Classes\<extension>]
.scr [@ = scrfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11F54206-0AFB-4F55-B55A-6370DCEBE52F}" = rport=445 | protocol=6 | dir=out | app=system |
"{15F5C0CE-0BFE-466E-90B5-A9DDDC302BAC}" = lport=445 | protocol=6 | dir=in | app=system |
"{1FEF0AC7-2555-416A-9385-26212D247CE5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{207DC617-5F4F-411D-A9AF-26A1AF9D2982}" = lport=139 | protocol=6 | dir=in | app=system |
"{27D9FCEE-2DE2-48D4-9C14-5BDDD1AB0A8D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{343DBAD7-12DD-42FC-8562-BFBEB53C082B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{3A2B1CA2-ACB9-4B28-9E2F-F64C5E3D3693}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3CBD9E1E-740C-41BC-9FF4-514F3752FCCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{44DE0CC1-7B54-4704-9E01-93C1620F767D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{472F640B-0EEC-42A6-85D0-4CE8D25B9C45}" = rport=138 | protocol=17 | dir=out | app=system |
"{49541609-0E90-461C-A426-A093D9FCA199}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{54CFC575-2586-4BDE-9EBB-4FB69E0F7B48}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5B6EB375-2675-4B13-BA16-F4BB2524DE34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F71E927-3B4B-4340-8777-ECC2F391EAE5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6694DC23-934D-445F-8B16-FF928C82F29A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7142DD8E-54F0-4939-8A2F-E5DE3D6E53B5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{75AB2938-BAB4-4331-8402-E4C696998524}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CE7DEE2-44BE-4700-B654-EA129D97F81E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EE966FF-FCCA-4A4B-9628-6035AA7D4151}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{A42E0A7E-E596-4BDB-A20C-83126F91A12B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A4D7F216-5F99-4A64-BFA1-DEAA45CFE357}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A9052AE8-EB2B-42C6-A5DB-E52E7644DDC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA06284E-1795-4A10-BE99-40B4DE0C5E81}" = rport=137 | protocol=17 | dir=out | app=system |
"{ACBDA73B-D570-4E78-9646-7850276E90C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{B467A10F-48F3-4F82-88AA-DBDD4EA4BFEB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B6C13F61-7EF0-4241-9E38-D9E173BB220D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C677DC70-48B8-4DAE-8FC5-45EF480CB258}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{D87C47BA-671A-448D-96ED-C84C149FC049}" = lport=138 | protocol=17 | dir=in | app=system |
"{DAE95DD1-AA1B-4C52-BDED-8EB224C6C65C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E4E53C35-B47B-4D4F-BB76-40869BBA1816}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E8D59E9E-2736-47F1-A471-07D795427A60}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F6EBFD8E-6553-4285-965B-C2C764C422FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FB10DFDB-2A2E-4C2A-8A5F-EF99121E86DF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{FB669A80-9A76-4F75-8EED-1D0DC9A8893F}" = lport=137 | protocol=17 | dir=in | app=system |
"{FD82AE64-9C47-462D-9CCA-A99D6F0E8728}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B130DC-63D9-4132-8A33-A0D3BE4ABF29}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{02CBB9A9-A757-4637-A7A0-C5AA1D1C8157}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0CDB5B44-C3FC-4198-B308-68E0E86C91CF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{16E7F1BD-59E1-4C41-8E6C-30160206234D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1A4164AC-0E09-4279-8606-A1D0ABE4380F}" = protocol=6 | dir=in | app=c:\users\dawon\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1CAF5247-AC48-49FC-8616-8EA1C12F2DE8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{29F67EF0-A54A-4CE1-89B7-67C45E0D1E45}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{308352F3-2A52-4B9C-9594-9918F09D969C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3A25E49A-0902-4085-8E7B-69474069480F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3FD6025D-7CAD-4532-BA18-9132B4EF1152}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5268C4CB-3802-455A-9B64-DA5112F5D36D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{53087A42-7663-490E-8DFA-5382B755B3A0}" = protocol=17 | dir=in | app=c:\users\dawon\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6156E043-4D4D-4A9C-80E8-65A54BC91B14}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{6F6D1380-6CF6-42A6-971F-9D4CB2881B89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72A94663-EE1B-4224-9F84-ACD5EDCBE427}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{78F91081-79D3-4BCF-B696-7EEEEE52C0A7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7B2200BE-8DB8-4C9C-BF86-C1403B367FB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C5C15F5-A11C-4924-A60C-07F8DB593518}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7FFF93BC-4E51-43A6-9473-448543215D70}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8334F68D-CCDE-4B26-9245-9AC58F42DDD7}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{8FF11533-DEFE-4271-A7BE-EC27976A09E4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9C2B9CCB-0A09-446A-BE90-C82CF2D261A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9CE4E8EA-372E-494F-87AB-62DDA09291C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A76BA5FB-D845-4DBD-938B-89D79E2F9B97}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AAB9D846-18FF-4264-BF8A-60A2C991B06E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AE3E0B9A-CFA7-4AF0-A871-416A32F30E87}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AFF20ADB-FB7C-423B-9377-7F7C52CD7293}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B199423A-62DB-4DEB-A985-34556D88CBCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BB170719-B959-486E-A9AC-7619F24F3291}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C03E67FC-197C-4A4D-875C-0F13C422A8E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C471E80F-87AC-4C5D-AA1A-003641EDD40F}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{C8B3BF95-B471-448F-B44F-DBA036E70242}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C8E7AB52-AD31-4E8E-9005-7D499F6AEB8E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CDDD4075-A833-4E38-852C-9DAA95360AAA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE89C4F7-2BD6-4B72-999A-7DC13807E95E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D5000FA7-150D-4E50-83EC-55950C457595}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D7006C18-C67E-47ED-B8FF-C749BC8056E8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E3E79366-DB5A-4D62-88B2-CD4FFB2E4E2D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E4FA94E5-F860-4D97-B011-E65CEFD214B3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{E6B33C8D-774A-490C-9C17-4732CA00F464}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{E89156B2-317C-4640-A375-08103AF1FF65}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EBBC75C5-3408-44DB-94FB-FD29508B1478}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ED27F482-AD15-4B28-BF6A-F7FF3FA42D96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0E2627E8-7FDB-4724-B397-6B09DD66F013}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1236F671-B9D5-4E73-9192-45CED4F577C2}C:\users\dawon\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\dawon\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{60A362B6-8DBC-4DF4-AED6-3D10A2AA8B91}C:\program files\coupons\localphone\bin\localphone-3.exe" = protocol=6 | dir=in | app=c:\program files\coupons\localphone\bin\localphone-3.exe |
"TCP Query User{8D26C1F0-0D24-46D4-8FE7-622DDC9B958A}C:\program files\localphone\bin\localphoned.exe" = protocol=6 | dir=in | app=c:\program files\localphone\bin\localphoned.exe |
"TCP Query User{BF5258A0-724B-4FE6-87CD-D1878D17FCF1}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{C6FCC1C8-E0DA-48A4-8826-36E3B51C4DD3}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{15A7DEB5-8C30-4EA9-BBA4-9C5C4B9F8E09}C:\program files\localphone\bin\localphoned.exe" = protocol=17 | dir=in | app=c:\program files\localphone\bin\localphoned.exe |
"UDP Query User{1C8ADEBF-01EE-4C1F-8FCF-6BB4E887525E}C:\users\dawon\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\dawon\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{79CE2D96-F7C4-42C1-A26C-5B674F595700}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9B11D534-44F1-4B18-8001-75F21FD5F472}C:\program files\coupons\localphone\bin\localphone-3.exe" = protocol=17 | dir=in | app=c:\program files\coupons\localphone\bin\localphone-3.exe |
"UDP Query User{F02EB749-4E6C-40DB-8C40-71E7A4B10611}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{F4DDCCD4-9EFF-4E51-8093-F7270146FEF4}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{084CC1A4-FC1B-4DE7-89BB-A367FC6208A6}" = CA Desktop DNA Migrator
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2C9A62F0-D1B3-4E2C-A7D9-24F38FF2A379}" = GEAR driver installer for x86 and x64
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E0120-C782-40B5-A88F-1ED52BEB3859}" = Windows Installer XML Toolset 3.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

Extras - part 2


"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{71CC8771-1F1D-3394-8F70-A5B442D20C95}" = Google Talk Plugin
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2FA012E-27C7-4308-9457-5FCFB84B0436}" = PictureMover
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.5800
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E91E8912-769D-42F0-8408-0E329443BABC}" = PCI GW-US54Mini2
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Byki Express" = Byki Express
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"CNXT_MODEM_PCIE_HSF" = PCIe Soft Voice SoftRing Modem with SmartCP
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DivX Setup.divx.com" = DivX Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EuroTalk Talk Now Plus!" = EuroTalk Talk Now Plus!
"Eusing Free Registry Defrag" = Eusing Free Registry Defrag
"Free File Opener" = Free File Opener
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"InstallShield_{084CC1A4-FC1B-4DE7-89BB-A367FC6208A6}" = PRODUCT_NAME
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Localphone_is1" = Localphone version 1.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Middle School Advantage 2001" = Middle School Advantage 2001
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Pidgin" = Pidgin
"Protected Folder_is1" = Protected Folder
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"RealPlayer 15.0" = RealPlayer
"Recuva" = Recuva
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Security Task Manager" = Security Task Manager 1.8d
"Smart Defrag 2_is1" = Smart Defrag 2
"STANDARDR" = Microsoft Office Standard 2007
"SystemRequirementsLab" = System Requirements Lab
"VCardExport_is1" = VCardExportTool
"VISPRO" = Microsoft Office Visio Professional 2007
"WildTangent hp Master Uninstall" = My HP Games
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"419506f87bc706d3" = MXit EVO PC
"American Heritage Talking Dictionary" = American Heritage Talking Dictionary
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2012 11:52:53 PM | Computer Name = Dawon-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/21/2012 12:51:12 AM | Computer Name = Dawon-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/21/2012 12:51:20 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 3/21/2012 12:51:21 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 3/21/2012 12:51:26 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 3/21/2012 12:52:06 AM | Computer Name = Dawon-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/21/2012 12:56:23 AM | Computer Name = Dawon-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

[ Cisco AnyConnect VPN Client Events ]
Error - 11/17/2009 6:11:02 PM | Computer Name = Dawon-PC | Source = vpndownloader | ID = 50659329
Description = Function: ProfileMgr::loadProfiles Return code: 0xFE000009 File: ..\Api\ProfileMgr.cpp
Line:
97 Description: unknown

Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
Description = Function: CVCMSSaxParser Return code: 0xC00CEE3B File: .\xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Description: WINDOWS_ERROR_CODE XML Parser fatal error: The name in the end tag
of the element must match the element type in the start tag.

Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
Description = Function: XmlParser::invokeParser Return code: 0xC00CEE3B File: .\xml\XmlParser.cpp
Line:
207 Description: WINDOWS_ERROR_CODE Error encountered during parse. C:\ProgramData\Cisco\Cisco
AnyConnect VPN Client\Profile\DLPodAll2.xml

Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
Description = Function: loadProfile Return code: 0xFE000009 File: .\ProfileMgr.cpp
Line:
218 Description: unknown Unable to parse the profile. Host data may not available.
: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\Profile\DLPodAll2.xml

Error - 11/17/2009 6:11:07 PM | Computer Name = Dawon-PC | Source = vpnui | ID = 50462721
Description = Function: ProfileMgr::loadProfiles Return code: 0xFE000009 File: .\ProfileMgr.cpp
Line:
97 Description: unknown

Error - 11/17/2009 6:11:12 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:
.\Certificates\CapiCertificate.cpp Line: 1793 Description: A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust provider.



Error - 11/17/2009 6:11:12 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:
.\Certificates\CapiCertificate.cpp Line: 1793 Description: A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust provider.



Error - 11/17/2009 6:11:18 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
1279 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 11/17/2009 6:11:18 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: AddRoute Destination: 100.1.0.0 Netmask:
255.255.0.0 Gateway: 100.1.3.1 Interface: 100.1.3.1 Metric: 1

Error - 11/17/2009 6:11:18 PM | Computer Name = Dawon-PC | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

[ Media Center Events ]
Error - 2/9/2012 5:13:50 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/9/2012 5:18:48 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 2/9/2012 5:22:02 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/9/2012 5:22:57 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 2/9/2012 10:19:12 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2012 5:18:15 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2012 5:19:34 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2012 5:20:24 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2012 5:20:41 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/10/2012 5:21:22 PM | Computer Name = Dawon-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 5/9/2011 12:01:36 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/9/2011 3:22:39 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2011 9:05:55 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2011 9:06:37 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2011 9:07:55 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2011 9:14:30 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2011 4:19:41 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/11/2011 3:07:18 AM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/11/2011 3:12:34 AM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/12/2011 6:22:53 PM | Computer Name = Dawon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:52:07 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/21/2012 12:56:22 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/21/2012 12:56:55 AM | Computer Name = Dawon-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >

Oh wow, you're the first I heard mention this. I was really beginning to like Advanced SystemCare. My computer takes a while to startup and I was also under the persuasion that utilities like that and CCleaner (which I also have and love) help to speed up my computer. I've uninstalled Advanced SystemCare now.


OTL Run Fix log


All processes killed
========== OTL ==========
Process LogWatNT.exe killed successfully!
Service VQYLZES stopped successfully!
Service VQYLZES deleted successfully!
Service MPUW stopped successfully!
Service MPUW deleted successfully!
Service LogWatch stopped successfully!
Service LogWatch deleted successfully!
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe moved successfully.
Service MpKsl9900cb84 stopped successfully!
Service MpKsl9900cb84 deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ not found.
Registry key HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A797851D-92CE-46FB-B33A-90E5EAE73837}\ not found.
File C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\se archplugins\bing-zugo.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2150334436-476888621-3169721696-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ deleted successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll moved successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ deleted successfully.
File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59e15cb4-8eab-11dd-bc18-001e9048cbf5}\ not found.
File F:\autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5de34b84-05c3-11de-8b56-001e9048cbf5}\ not found.
File F:\autoplay.exe not found.
C:\ProgramData\CA\Consumer\CCube folder moved successfully.
C:\ProgramData\CA\Consumer folder moved successfully.
C:\ProgramData\CA folder moved successfully.
C:\ProgramData\~xR088cMiciJQkt moved successfully.
C:\ProgramData\~xR088cMiciJQktr moved successfully.
C:\ProgramData\xR088cMiciJQkt moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\CA\SharedComponents\HIPSEngine(57)\Install folder moved successfully.
C:\Program Files\CA\SharedComponents\HIPSEngine(57) folder moved successfully.
C:\Program Files\CA\SharedComponents\CA_LIC folder moved successfully.
C:\Program Files\CA\SharedComponents folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\defaults folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\locale\en-US\callingid folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\locale folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\content\callingid folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome\content folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\components folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\tcn\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\tcn folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\sc\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\sc folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\jp\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\jp folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\it\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\it folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\fr\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\fr folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\es\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\es folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\en-US\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\de\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\de folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\bp\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale\bp folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\locale folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\content\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome\content folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\defaults folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\locale\en-US\callingid folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\locale folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\content\callingid folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome\content folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\tcn\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\tcn folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\sc\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\sc folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\jp\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\jp folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\it\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\it folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\fr\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\fr folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\es\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\es folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\en-US\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\de\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\de folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\bp\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale\bp folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\locale folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\content\callingidlinkadvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome\content folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector folder moved successfully.
C:\Program Files\CA\CA Internet Security Suite folder moved successfully.
C:\Program Files\CA folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.Dawon-PC
->Temp folder emptied: 32848 bytes
->Temporary Internet Files folder emptied: 98706 bytes
->Java cache emptied: 3439403 bytes
->FireFox cache emptied: 6689413 bytes
->Google Chrome cache emptied: 19392315 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 502 bytes

User: All Users

User: Dawon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5186478 bytes
->Java cache emptied: 570030 bytes
->FireFox cache emptied: 43106527 bytes
->Google Chrome cache emptied: 155435109 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 14317 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 1546278 bytes
->Temporary Internet Files folder emptied: 24883842 bytes
->Java cache emptied: 13689277 bytes
->FireFox cache emptied: 8332568 bytes
->Google Chrome cache emptied: 32953028 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2040 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 175480 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 32848 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 8275685 bytes

Total Files Cleaned = 309.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.Dawon-PC
->Java cache emptied: 0 bytes

User: All Users

User: Dawon
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.Dawon-PC
->Flash cache emptied: 0 bytes

User: All Users

User: Dawon
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03212012_115111

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL Quick Scan log


OTL logfile created on: 3/21/2012 11:58:22 AM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Dawon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 67.61% Memory free
7.25 Gb Paging File | 6.38 Gb Available in Paging File | 88.08% Paging File free
Paging file location(s): c:\pagefile.sys 4507 4507 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.94 Gb Total Space | 177.87 Gb Free Space | 61.99% Space Free | Partition Type: NTFS
Drive D: | 11.15 Gb Total Space | 1.53 Gb Free Space | 13.72% Space Free | Partition Type: NTFS

Computer Name: DAWON-PC | User Name: Dawon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/18 22:35:35 | 000,444,400 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\ppgooglenaclpluginchrome.dll
MOD - [2012/03/18 22:35:33 | 003,915,248 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\pdf.dll
MOD - [2012/03/18 22:34:08 | 000,122,880 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\avutil-51.dll
MOD - [2012/03/18 22:34:07 | 000,220,672 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\avformat-53.dll
MOD - [2012/03/18 22:34:06 | 001,747,456 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\avcodec-53.dll
MOD - [2012/03/18 21:53:06 | 008,593,056 | ---- | M] () -- C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/18 13:48:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
DRV - [2011/08/03 06:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/16 19:00:08 | 000,032,672 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/06 14:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/06/06 14:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/02/12 10:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/03/26 21:37:52 | 000,206,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2007/01/30 21:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
IE - HKLM\..\SearchScopes\{293B6F50-4C29-402E-994F-5F895838E224}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {293B6F50-4C29-402E-994F-5F895838E224}
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKCU\..\SearchScopes\{293B6F50-4C29-402E-994F-5F895838E224}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{2BF3535E-BDB0-45E4-B986-EA9F938C7A03}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{7ECCE87F-E9EB-432A-A65B-A656BA35F4F7}: "URL" = http://search.comcast.net/search?cat=Web&con=ie7&q={searchTerms}
IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKCU\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Dawon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2012/02/13 19:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2012/02/13 19:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/30 11:11:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/13 19:14:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/13 19:14:37 | 000,000,000 | ---D | M]

[2009/10/24 21:03:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Extensions
[2009/10/24 21:03:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2012/02/14 23:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions
[2010/06/23 13:34:29 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(102)
[2010/07/27 13:11:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(589)
[2012/02/14 23:54:55 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\plugin@yontoo.com
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\searchtoolbar@zugo.com
[2010/06/23 13:34:27 | 000,000,000 | -H-D | M] (FastestFox) -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\extensions\smarterwiki@wikiatic(101).com
[2011/03/01 20:59:59 | 000,001,919 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\bing-zugo.xml
[2007/10/25 11:46:32 | 000,004,946 | -H-- | M] () -- C:\Users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\comcast.xml
[2012/03/19 15:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/02/13 19:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/03/19 15:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/30 11:11:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/07/28 20:55:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/13 21:19:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/19 15:50:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/13 21:18:58 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2008/12/01 11:50:26 | 000,004,946 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Native Client (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\Application\18.0.1025.113\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dawon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dawon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Dawon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: DivX HiQ = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Facebook News Ticker Remover = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak\1.3_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\Dawon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4 - HKCU..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D203F38-2A3A-4B6A-9DD0-1C25CCD3DD90}: DhcpNameServer = 192.168.15.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 13:31:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/21 11:51:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/21 00:03:49 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
[2012/03/20 23:18:29 | 004,441,698 | R--- | C] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
[2012/03/20 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Dawon\Desktop\GETxPUD
[2012/03/20 21:53:04 | 006,600,192 | ---- | C] (Mirage Systems) -- C:\Windows\System32\LicProtector310.exe
[2012/03/20 21:53:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}
[2012/03/20 21:53:03 | 002,323,520 | ---- | C] (gdpicture.com) -- C:\Windows\System32\gdpicturepro5.ocx
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\PackageAware
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\Free File Opener
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free File Opener
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Free File Opener
[2012/03/20 21:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Free File Opener
[2012/03/20 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/03/20 15:37:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dawon\Desktop\dds.scr
[2012/03/20 12:47:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
[2012/03/19 21:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/03/19 21:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/03/19 21:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/03/19 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Roaming\Philipp Winterberg
[2012/03/19 18:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR File Open Knife - Free Opener
[2012/03/19 18:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\RAR File Open Knife - Free Opener
[2012/03/19 17:39:57 | 000,000,000 | -H-D | C] -- C:\Config.msi
[2012/03/19 17:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/19 16:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/03/19 16:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/19 16:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/19 16:36:18 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/03/19 16:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/19 16:30:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/19 16:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/19 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Dawon\Desktop\SercurityStuff
[2012/03/19 10:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/19 10:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/17 17:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/17 17:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/27 22:07:01 | 000,000,000 | ---D | C] -- C:\Users\Dawon\AppData\Local\RockMelt
[2012/02/23 15:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Localphone

========== Files - Modified Within 30 Days ==========

[2012/03/21 11:58:17 | 000,665,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/21 11:58:17 | 000,124,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/21 11:54:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 11:54:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 11:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 11:53:51 | 3152,412,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/21 11:51:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/21 00:03:50 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Dawon\Desktop\OTL.exe
[2012/03/20 23:19:33 | 000,002,587 | ---- | M] () -- C:\Users\Dawon\Desktop\Microsoft Office Word 2007.lnk
[2012/03/20 23:18:39 | 004,441,698 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\ComboFix.exe
[2012/03/20 22:17:00 | 000,497,272 | ---- | M] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
[2012/03/20 22:04:01 | 000,304,845 | ---- | M] () -- C:\Users\Dawon\Desktop\ListParts.exe
[2012/03/20 21:53:04 | 000,000,812 | ---- | M] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk
[2012/03/20 21:53:04 | 000,000,788 | ---- | M] () -- C:\Users\Dawon\Desktop\Free File Opener.lnk
[2012/03/20 21:33:37 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Dawon\Desktop\boot_cleaner.exe
[2012/03/20 21:32:38 | 000,044,607 | ---- | M] () -- C:\Users\Dawon\Desktop\bootkit_remover.zip
[2012/03/20 15:37:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dawon\Desktop\dds.scr
[2012/03/20 13:33:13 | 000,302,592 | ---- | M] () -- C:\Users\Dawon\Desktop\tykegnrd.exe
[2012/03/20 12:47:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dawon\Desktop\aswMBR.exe
[2012/03/19 20:35:46 | 000,003,416 | ---- | M] () -- C:\Users\Dawon\Documents\cc_20120319_203543.reg
[2012/03/19 20:05:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/19 16:39:31 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/19 16:36:22 | 000,039,862 | ---- | M] () -- C:\MGlogs.zip
[2012/03/19 16:30:37 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 16:20:03 | 000,002,088 | ---- | M] () -- C:\Users\Dawon\Desktop\Google Chrome.lnk
[2012/03/19 16:20:03 | 000,002,050 | ---- | M] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/19 16:01:59 | 000,000,000 | ---- | M] () -- C:\Users\Dawon\defogger_reenable
[2012/03/19 10:32:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/19 10:31:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/18 22:02:04 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/17 17:14:19 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/16 23:25:25 | 000,334,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/16 23:02:05 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/03/08 23:47:47 | 003,909,679 | ---- | M] () -- C:\Users\Dawon\Desktop\tdsskiller.zip
[2012/03/01 15:57:53 | 000,137,216 | ---- | M] () -- C:\Users\Dawon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/27 16:02:27 | 000,014,632 | ---- | M] () -- C:\Users\Dawon\Documents\cc_20120227_150224.reg

========== Files Created - No Company Name ==========

[2012/03/20 23:56:02 | 3152,412,672 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/20 22:16:59 | 000,497,272 | ---- | C] () -- C:\Users\Dawon\Desktop\GETxPUD.exe
[2012/03/20 22:04:00 | 000,304,845 | ---- | C] () -- C:\Users\Dawon\Desktop\ListParts.exe
[2012/03/20 21:53:04 | 000,000,812 | ---- | C] () -- C:\Users\Dawon\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk
[2012/03/20 21:53:04 | 000,000,788 | ---- | C] () -- C:\Users\Dawon\Desktop\Free File Opener.lnk
[2012/03/20 21:32:38 | 000,044,607 | ---- | C] () -- C:\Users\Dawon\Desktop\bootkit_remover.zip
[2012/03/20 13:33:13 | 000,302,592 | ---- | C] () -- C:\Users\Dawon\Desktop\tykegnrd.exe
[2012/03/19 20:35:45 | 000,003,416 | ---- | C] () -- C:\Users\Dawon\Documents\cc_20120319_203543.reg
[2012/03/19 18:50:32 | 000,472,064 | ---- | C] ( ) -- C:\Users\Dawon\Desktop\RootRepeal.exe
[2012/03/19 16:36:22 | 000,039,862 | ---- | C] () -- C:\MGlogs.zip
[2012/03/19 16:30:37 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 16:21:13 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/19 16:01:59 | 000,000,000 | ---- | C] () -- C:\Users\Dawon\defogger_reenable
[2012/03/17 17:14:19 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/27 16:02:25 | 000,014,632 | ---- | C] () -- C:\Users\Dawon\Documents\cc_20120227_150224.reg
[2012/01/24 21:14:34 | 015,028,931 | ---- | C] () -- C:\Program Files\bibjam80.zip
[2011/10/14 13:11:40 | 000,025,140 | -H-- | C] () -- C:\Users\Dawon\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/09/24 11:26:40 | 000,017,408 | -H-- | C] () -- C:\Users\Dawon\AppData\Local\WebpageIcons.db
[2011/06/14 00:22:10 | 000,000,011 | ---- | C] () -- C:\Windows\System32\ONBV2VER.INI
[2011/06/14 00:22:09 | 000,000,364 | ---- | C] () -- C:\Windows\ONBLV2CL.INI
[2011/06/14 00:20:35 | 000,003,375 | ---- | C] () -- C:\Windows\ONBRV2CL.INI
[2011/04/22 16:32:53 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/04/22 16:32:52 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/04/14 14:47:43 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/03/19 12:33:21 | 000,000,033 | ---- | C] () -- C:\Windows\EasyRip.ini
[2011/03/01 20:10:59 | 000,000,225 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/30 20:57:39 | 000,000,058 | -H-- | C] () -- C:\Windows\popcreg.dat
[2010/12/30 20:57:39 | 000,000,020 | ---- | C] () -- C:\Windows\popcinfot.dat
[2010/07/30 11:13:44 | 000,000,036 | -H-- | C] () -- C:\Users\Dawon\AppData\Local\housecall.guid.cache
[2010/06/29 20:32:06 | 000,000,112 | ---- | C] () -- C:\ProgramData\40Et2gh.dat

========== LOP Check ==========

[2011/02/07 14:31:15 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\.purple
[2010/03/23 22:55:26 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Acronis
[2010/08/24 12:31:14 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Amazon
[2011/04/08 20:39:42 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Any Video Converter
[2010/08/20 12:42:37 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\BitZipper
[2010/10/20 01:43:15 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\CallingID
[2010/06/23 12:42:06 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\ChromePlus
[2012/02/14 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\DriverCure
[2011/11/28 13:12:54 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Dropbox
[2010/04/01 15:46:05 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\EuroTalk
[2009/11/15 09:13:32 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Flock
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\GetRightToGo
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\GHISLER
[2010/08/20 12:36:57 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\gnupg
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\gtk-2.0
[2010/07/26 13:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\InfraRecorder
[2012/03/19 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\IObit
[2009/03/03 15:34:59 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\iWin
[2011/06/22 10:47:59 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Linphone
[2011/07/13 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\OpenCandy
[2011/11/28 13:24:15 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Opera
[2010/11/15 21:17:19 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\PC Suite
[2012/02/13 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\PC-FAX TX
[2012/03/19 18:49:51 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Philipp Winterberg
[2008/09/22 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\PictureMover
[2009/01/02 01:14:45 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\PlayFirst
[2008/11/05 18:24:28 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\ScanSoft
[2009/06/25 12:37:25 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Skinux
[2012/02/14 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\SpeedyPC Software
[2009/01/13 14:02:07 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\Systweak
[2009/05/06 16:31:40 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Template
[2008/09/30 14:30:17 | 000,000,000 | ---D | M] -- C:\Users\Dawon\AppData\Roaming\ubi.com
[2011/02/24 12:43:47 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WeatherBug
[2009/01/01 22:12:18 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WildTangent
[2008/09/23 14:41:42 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\WinBatch
[2011/06/30 16:58:01 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\Windows Live Writer
[2009/09/24 22:16:51 | 000,000,000 | -H-D | M] -- C:\Users\Dawon\AppData\Roaming\YouSendIt
[2010/07/29 23:08:07 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2012/03/21 11:51:38 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Ok, finally worked in Safe Mode

Combofix log


ComboFix 12-03-21.02 - Dawon 03/21/2012 12:26:43.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2461 [GMT -5:00]
Running from: c:\users\Dawon\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setup.dll
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.dat
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.exe
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.ico
c:\users\Dawon\AppData\Local\assembly\tmp
c:\users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\searchplugins\bing-zugo.xml
c:\users\Dawon\g2mdlhlpx.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 17:33 . 2012-03-21 17:33 -------- d-----w- c:\users\Dawon\AppData\Local\temp
2012-03-21 16:51 . 2012-03-21 16:51 -------- d-----w- C:\_OTL
2012-03-21 02:53 . 2012-03-21 02:53 -------- dc-h--w- c:\programdata\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}
2012-03-21 02:53 . 2011-02-10 23:34 6600192 ----a-w- c:\windows\system32\LicProtector310.exe
2012-03-21 02:53 . 2012-03-21 02:54 -------- d-----w- c:\users\Dawon\AppData\Local\Free File Opener
2012-03-21 02:53 . 2012-03-21 02:53 -------- d-----w- c:\program files\Free File Opener
2012-03-21 02:53 . 2012-03-21 02:53 -------- d-----w- c:\users\Dawon\AppData\Local\PackageAware
2012-03-21 02:53 . 2012-03-21 02:53 -------- d-----w- c:\programdata\Free File Opener
2012-03-21 02:53 . 2011-02-21 21:25 2323520 ----a-w- c:\windows\system32\gdpicturepro5.ocx
2012-03-21 02:52 . 2012-03-21 02:52 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-03-20 16:01 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73BED0EB-6DB2-45AC-A419-86AC887CB145}\mpengine.dll
2012-03-20 02:54 . 2012-03-20 02:55 -------- d-----w- c:\programdata\SecTaskMan
2012-03-20 02:54 . 2012-03-20 02:54 -------- d-----w- c:\program files\Security Task Manager
2012-03-19 23:49 . 2012-03-19 23:49 -------- d-----w- c:\users\Dawon\AppData\Roaming\Philipp Winterberg
2012-03-19 23:49 . 2012-03-19 23:49 -------- d-----w- c:\program files\RAR File Open Knife - Free Opener
2012-03-19 21:48 . 2012-03-19 21:48 -------- d-----w- c:\programdata\WindowsSearch
2012-03-19 21:39 . 2012-03-19 21:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-19 21:36 . 2012-03-19 21:36 -------- d-----w- C:\MGtools
2012-03-19 21:30 . 2012-03-19 21:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-19 21:30 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 15:58 . 2012-03-20 21:31 -------- d-----w- c:\programdata\AVAST Software
2012-03-19 15:58 . 2012-03-20 00:57 -------- d-----w- c:\program files\AVAST Software
2012-03-17 22:13 . 2012-03-17 22:13 -------- d-----w- c:\program files\iPod
2012-03-17 01:46 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 01:46 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-17 01:46 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-17 01:46 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-17 01:46 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-17 01:46 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 01:46 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-17 01:46 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-28 03:07 . 2012-03-17 07:10 -------- d-----w- c:\users\Dawon\AppData\Local\RockMelt
2012-02-23 20:47 . 2012-02-23 21:07 -------- d-----w- c:\program files\Localphone
2012-02-23 20:44 . 2012-02-23 21:11 -------- d-----w- c:\users\Administrator.Dawon-PC\AppData\Roaming\Linphone
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 21:36 . 2012-03-19 21:36 39862 ----a-w- C:\MGlogs.zip
2012-03-19 20:50 . 2010-05-03 16:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-17 06:29 . 2011-05-23 23:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2009-10-03 04:27 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 18:38 . 2012-01-30 18:38 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-30 18:38 . 2012-01-30 18:38 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-30 18:38 . 2012-01-30 18:38 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-30 18:38 . 2012-01-30 18:38 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-30 18:38 . 2012-01-30 18:38 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-30 18:38 . 2012-01-30 18:38 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-30 16:11 . 2008-08-04 18:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-14 14:13 . 2012-01-14 14:13 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-30 23:02 . 2012-01-30 18:37 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-09-14 02:19 . 2011-05-23 20:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk]
backup=c:\windows\pss\PictureMover.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Dawon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Manager
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-08-03 11:50 3730024 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Dawon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"HPADVISOR"=c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
"Easy Dock"=c:\users\Dawon\Documents\RCA easyRip\EZDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"hpsysdrv"=c:\hp\support\hpsysdrv.exe
"PaperPort PTD"=c:\program files\ScanSoft\PaperPort\pptd40nt.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.15.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Dawon\AppData\Roaming\Mozilla\Firefox\Profiles\te5vu0e8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
FF - user.js: extentions.y2layers.installId - c7d6ae24-25b3-4cc7-b4e5-46030fb5c31b
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: security.csp.enable - false
FF - user.js: security.csp.enable - false
FF - user.js: security.csp.enable - false
FF - user.js: security.csp.enable - false
FF - user.js: security.csp.enable - false
FF - user.js: security.csp.enable - false
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKCU-Run-SmartRAM - c:\program files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe
SafeBoot-33916802.sys
SafeBoot-78099044.sys
SafeBoot-klmdb.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SmartRAM - c:\program files\IObit\Advanced SystemCare 5\suo10_smartram.exe
AddRemove-dm - c:\program files\CA\CA Internet Security Suite\caunst.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
AddRemove-American Heritage Talking Dictionary - c:\program files\Compton's Home Library\ahtd\isl_ahtd.log
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-21 12:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,3e,6b,12,90,1f,78,46,ba,77,ca,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,3e,6b,12,90,1f,78,46,ba,77,ca,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-21 12:35:15
ComboFix-quarantined-files.txt 2012-03-21 17:35
.
Pre-Run: 193,965,289,472 bytes free
Post-Run: 193,878,220,800 bytes free
.
- - End Of File - - AE37718F4E99840BA0183C3A281E86E3

The computer seems to be doing fine. I think I need more memory because I'd like things to go faster.

Security Check log

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 31
Out of date Java installed!
Adobe Flash Player 11.1.102.63
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````


Farbar log

Farbar Service Scanner Version: 01-03-2012
Ran by Dawon (administrator) on 21-03-2012 at 12:59:13
Running from "C:\Users\Dawon\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 13:59] - [2011-11-08 13:59] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

For the ESET scanner I keep getting the message during the initialization:

Can not get update. Is proxy configured? And it just does nothing. I click 'back' and it shows that Windows Defender is being detected but even after I turn it off it keeps saying the same thing.

It took a while but finally finished

ESET log


C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR File Open Knife - Free Opener\RAR File Open Knife - Free Opener Updates.lnk LNK/URL.B trojan cleaned by deleting - quarantined
C:\ProgramData\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Dawon\Desktop\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Users\Dawon\Downloads\TuneUpUtilities2012_en-US-123.exe a variant of Win32/Adware.OpenInstall application cleaned by deleting - quarantined

I'd also like to know what free anti-virus/spyware I should download on my computer. Right now all I have is Windows Defender

OTL log


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.Dawon-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Dawon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 994462 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 58076603 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1632 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 237091 bytes

Total Files Cleaned = 57.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.Dawon-PC
->Flash cache emptied: 0 bytes

User: All Users

User: Dawon
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.Dawon-PC
->Java cache emptied: 0 bytes

User: All Users

User: Dawon
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.39.1 log created on 03212012_171455

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Thank you so much for everything. Now I'm about to run the OTL cleanup and follow all the rest of your instructions

Regards

:wave: