TechSpot

EasyBits malware

Solved
By hokokhua
Nov 28, 2012
  1. Hi there,

    I recently sent my desktop to a repair shop to change a motherboard and since it got back, I realised that there were strange programs installed on my PC that I cannot remove. These include: EasyBits Tic-Tac-Toe, EasyBits Battleship and EasyChat. I see them when I go to the start button. I tried to go to Control Panel to uninstall but it doesn't detect such a program. Same thing for Revo Uninstaller.

    Looking forward to your advice on how to remove the malware. Thanks!!

    Best,
    Paul
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
     
  3. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.1
    Run by user at 9:26:42 on 2012-11-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.950.852.1033.18.7883.4010 [GMT 8:00]
    .
    AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Roozz\RoozzUpdater.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\TiltWheelMouse.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
    C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Windows\Samsung\PanelMgr\caller64.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\notepad.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.sg/
    uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    uRun: [PPAP] "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" -background
    uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
    mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [Driver Genius] <no file>
    StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK -
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-Explorer: OldEnableShellExecuteHooks = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &E1OA&N﹐A×AeIsIAOO - <no file>
    IE: &E1OA&N﹐A×IAOO - <no file>
    IE: &E1OA&N﹐A×IAOOE?2?A’?O - <no file>
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\core\program\XmpIEMenu.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{53F2BC1E-01F1-4806-B216-8F6AAF184D2D} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{574A8165-F901-4AC7-AD08-ECD917D8F33D} : NameServer = 98.158.112.60 199.127.248.22
    TCP: Interfaces\{7E18089D-8B59-4DEE-85A4-8EED830558C2} : DHCPNameServer = 192.168.0.1
    SEH: DesktopTipsStub Class - {4562B511-62E9-4533-B7B2-56A8BB10B482} -
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [MouseDriver] TiltWheelMouse.exe
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P
    x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Notify: igfxcui - igfxdev.dll
    x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
    FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Roozz\nproozz.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-10-02 21:41; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-27 16152]
    R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2012-6-1 157696]
    R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2012-7-8 426616]
    R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2012-7-8 453896]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2012-7-8 1096176]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-1-10 17720]
    R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-3-31 141920]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
    R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2012-7-8 251528]
    R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [2011-12-22 818952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-28 236544]
    R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-6-10 233328]
    R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-11-27 164520]
    R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-12-20 341800]
    R2 Roozz Updater;Roozz Updater;C:\Program Files (x86)\Roozz\RoozzUpdater.exe [2012-6-22 393216]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2007-10-22 11576]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-11-27 134696]
    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2012-11-27 21568]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-11-27 620584]
    R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-11-27 89640]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-11-27 39976]
    R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2011-2-18 56160]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-27 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-27 788760]
    R3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\System32\drivers\t_mouse.sys [2009-4-16 25088]
    R3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\System32\drivers\whfltr2k.sys [2011-11-30 10368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW86.sys [2012-5-31 90624]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
    S3 Media Center 17 Service;Media Center 17 Service;C:\Program Files (x86)\J River\Media Center 17\JRService.exe [2012-5-9 392320]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-10 97792]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-10 217600]
    S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2012-7-8 85224]
    S3 PCTSFileEnum;PCTSFileEnum;C:\Program Files (x86)\PC Tools\DMScanning\PCTSFiles.exe [2012-7-8 89016]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-31 685672]
    S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2012-11-2 166704]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-30 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== Created Last 30 ================
    .
    2012-11-27 14:17:22 -------- d-----w- C:\Users\user\AppData\Roaming\BCGameTime
    2012-11-27 05:04:09 16896 ----a-w- C:\Windows\AsTaskSched.dll
    2012-11-27 04:07:20 -------- d-----w- C:\Users\user\AppData\Local\Broadcom
    2012-11-27 04:07:07 620584 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
    2012-11-27 04:04:38 89640 ----a-w- C:\Windows\System32\drivers\btwdpan.sys
    2012-11-27 04:04:38 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
    2012-11-27 04:04:37 178728 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
    2012-11-27 04:04:37 167976 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
    2012-11-27 04:04:36 39976 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
    2012-11-27 04:04:36 134696 ----a-w- C:\Windows\System32\drivers\bcbtums.sys
    2012-11-27 04:03:39 -------- d-----w- C:\Program Files\WIDCOMM
    2012-11-27 04:02:55 -------- d-----w- C:\Program Files (x86)\Cisco
    2012-11-27 04:00:55 21568 ----a-w- C:\Windows\System32\drivers\bcmvwl64.sys
    2012-11-27 04:00:02 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
    2012-11-27 03:59:47 788760 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
    2012-11-27 03:59:44 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
    2012-11-27 03:58:56 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
    2012-11-27 03:58:32 164520 ----a-w- C:\Windows\System32\IPROSetMonitor.exe
    2012-11-27 03:58:04 316104 ----a-r- C:\Windows\System32\PROUnstl.exe
    2012-11-27 03:56:25 68264 ----a-w- C:\Windows\System32\e1cmsg.dll
    2012-11-27 03:56:25 36472 ----a-w- C:\Windows\System32\NicCo36.dll
    2012-11-27 03:56:25 328368 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
    2012-11-27 03:56:22 92864 ----a-w- C:\Windows\System32\NicInstC.dll
    2012-11-15 06:25:17 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-15 06:25:17 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-15 06:25:17 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-15 06:25:17 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-15 06:19:52 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-15 06:19:52 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-15 06:19:49 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-15 06:19:49 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-15 06:19:49 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-15 06:19:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-15 06:19:48 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-15 02:25:57 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-11-15 02:25:57 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-11-11 05:57:51 -------- d-----w- C:\Program Files (x86)\Kindle Auto eBook Converter
    2012-11-11 05:45:29 -------- d-----w- C:\Program Files (x86)\DjVu Viewer
    2012-11-03 12:10:12 -------- d-----w- C:\Users\user\AppData\Local\Octoshape
    2012-11-03 12:10:09 -------- d-----w- C:\Users\user\AppData\Roaming\Octoshape
    2012-11-02 10:01:50 33792 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\spd__pc.dll
    2012-11-02 10:01:26 -------- d-----w- C:\Program Files (x86)\Samsung Printers
    2012-11-02 10:00:34 256000 ----a-w- C:\Windows\System32\SIPDUtil.dll
    2012-11-02 10:00:34 162096 ----a-w- C:\Windows\System32\SUPDSvcA.dll
    2012-11-02 10:00:32 27648 ----a-w- C:\Windows\System32\spd__l.dll
    2012-11-02 10:00:31 89600 ----a-w- C:\Windows\System32\spd__ci.dll
    2012-11-02 10:00:31 359424 ----a-w- C:\Windows\System32\DscPnt.dll
    2012-11-02 10:00:31 166704 ----a-w- C:\Windows\System32\SUPDSvc.exe
    2012-11-02 10:00:30 258864 ----a-w- C:\Windows\SUPDRun.exe
    2012-11-02 10:00:30 151552 ----a-w- C:\Windows\System32\spd__ci.exe
    2012-11-02 10:00:00 -------- d-----w- C:\Windows\twain_64
    2012-11-02 09:57:48 280064 ----a-w- C:\Windows\System32\snWIAMUI.dll
    .
    ==================== Find3M ====================
    .
    2012-11-27 04:01:09 73728 ----a-w- C:\Windows\System32\wltrynt.dll
    2012-11-27 04:01:09 445 ----a-w- C:\Windows\System32\vcredist_x64.bat
    2012-11-27 04:01:09 35344 ----a-w- C:\Windows\System32\drivers\npf.sys
    2012-11-27 04:01:09 3161088 ----a-w- C:\Windows\System32\vcredist_x64.exe
    2012-11-27 04:01:07 4658688 ----a-w- C:\Windows\System32\bcmttls.dll
    2012-11-27 04:01:07 1047552 ----a-w- C:\Windows\System32\BCMLogon.dll
    2012-11-27 04:01:06 22592 ----a-w- C:\Windows\System32\drivers\bcm42rly.sys
    2012-11-27 04:01:05 4961800 ----a-w- C:\Windows\SysWow64\vcredist_x64.exe
    2012-11-27 04:01:05 446 ----a-w- C:\Windows\SysWow64\vcredist_x64.bat
    2012-11-27 04:00:58 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
    2012-11-27 04:00:57 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
    2012-11-27 04:00:56 4746304 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
    2012-11-27 04:00:56 3952640 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
    2012-11-27 04:00:56 3617792 ----a-w- C:\Windows\System32\bcmihvui64.dll
    2012-11-11 01:58:47 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-11 01:58:47 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-29 11:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-02 00:18:04 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-09-02 00:18:01 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-09-02 00:18:01 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    .
    ============= FINISH: 9:27:19.81 ===============
     
  4. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/11/2011 7:52:40 PM
    System Uptime: 29/11/2012 8:59:11 AM (1 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-I DELUXE
    Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz | LGA1155 | 1584/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1000 GiB total, 67.593 GiB free.
    D: is FIXED (NTFS) - 863 GiB total, 97.455 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP274: 27/11/2012 12:05:17 PM - Broadcom BTW Restore Point
    RP275: 27/11/2012 10:27:07 PM - Revo Uninstaller's restore point - PPLite 1.0.0.0082
    RP276: 28/11/2012 8:47:55 PM - Windows Update
    RP277: 28/11/2012 9:43:57 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.20 (x64 edition)
    ABBYY FineReader 11 Corporate Edition
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Lightroom 4.1 64-bit
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Advanced Wheel Mouse 6.0.0.011
    AMD Catalyst Install Manager
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Audacity 2.0
    Bonjour
    Broadcom InConcert Maestro
    Broadcom Wireless Utility
    calibre
    Catalyst Control Center InstallProxy
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CutePDF Writer 2.8
    dBpoweramp DSP Effects
    dBpoweramp Music Converter
    DiskAid 5.31
    DjVu Viewer version 1.0
    Driver Genius Professional Edition
    ESET Smart Security
    Everything 1.2.1.371
    Fences
    FLAC 1.2.1b (remove only)
    foobar2000 v1.1.9
    FormatFactory 3.0.1
    Free RAR Extract Frog
    Google Chrome
    HandBrake 0.9.6
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Intel(R) Management Engine Components
    Intel(R) Network Connections 16.1.53.0
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    IntelR Trusted Connect Service Client
    iTunes
    Java 7 Update 7 (64-bit)
    Java Auto Updater
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    K-Lite Codec Pack 5.5.0 (64-bit)
    K-Lite Mega Codec Pack 8.0.0
    Kindle Auto eBook Converter 0.4.50
    LADSPA_plugins-win-0.4.15
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.65.1.1000
    Media Center 17
    MediaInfo 0.7.53
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MKVToolNix 5.2.1
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    Mp3tag v2.50
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyFreeCodec
    Nitro Reader 2
    Octoshape Streaming Services
    OLYMPUS Digital Camera Updater
    PC Tools on-the-fly Scanner 9.0
    PDF to Word
    pdfsam
    Readiris Pro 10
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Renesas Electronics USB 3.0 Host Controller Driver
    Revo Uninstaller 1.93
    Roozz plugin 2.9.8
    Samsung CLX-3170 Series
    SAMSUNG Dr.Printer
    Samsung Kies
    Samsung Universal Print Driver
    Samsung Universal Scan Driver
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    SES Driver
    Smart Defrag 2
    SmarThru 4
    swMSM
    System Requirements Lab for Intel
    TeraCopy 2.27
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VirtualCloneDrive
    VLC media player 2.0.4
    WIDCOMM Bluetooth Software
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
    Windows Media Player Firefox Plugin
    WinSCP 4.3.2
    μTorrent
    .
    ==== Event Viewer Messages From Past Week ========
    .
    29/11/2012 8:59:37 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    29/11/2012 8:59:17 AM, Error: volmgr [46] - Crash dump initialization failed!
    27/11/2012 9:59:28 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={D6813A2C-2C52-42DB-9F2E-07C55AE0A4C9}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
    27/11/2012 9:57:51 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={105370EA-D5D4-425E-B87C-8EADB7B9E3C1}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
    27/11/2012 9:55:55 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={9B14DB58-0E0F-46D5-B8A4-B4377F29B913}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
    27/11/2012 11:50:44 AM, Error: Service Control Manager [7023] - The Intel(R) Content Protection HECI Service service terminated with the following error: %%-2147024637
    27/11/2012 10:06:39 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={FD64EA28-8762-435A-BF54-966C46B0447C}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
    27/11/2012 10:04:37 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{48FBD19D-CCD5-453F-A85F-5DD4190A2A7D} because another computer on the network has the same name. The server could not start.
    27/11/2012 10:00:59 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={4B176700-08A3-4E49-A596-5F03091AC23D}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
    24/11/2012 10:43:48 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================
     
  5. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.28.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    user :: USER-PC [administrator]
    29/11/2012 9:14:08 AM
    mbam-log-2012-11-29 (09-14-08).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 242927
    Time elapsed: 6 minute(s), 11 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  6. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    # AdwCleaner v2.009 - Logfile created 11/29/2012 at 08:57:59
    # Updated 24/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : user - USER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\user\Desktop\adwcleaner.exe
    # Option [Delete]
    ***** [Services] *****
    ***** [Files / Folders] *****
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\boost_interprocess
    ***** [Registry] *****
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v16.0.2 (en-US)
    -\\ Google Chrome v23.0.1271.91
    *************************
    AdwCleaner[S1].txt - [1443 octets] - [29/11/2012 08:57:59]
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  8. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    ComboFix 12-11-29.02 - user 1/2012 Fri 14:48:13.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.950.852.1033.18.7883.6082 [GMT 8:00]
    執行位置: c:\users\user\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\user\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
    c:\windows\SysWow64\System32\MASetupCleaner.exe
    c:\windows\SysWow64\System32\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( 2012-10-28 至 2012-11-30 的新的檔案 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-30 06:54 . 2012-11-30 06:54 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-11-30 06:54 . 2012-11-30 06:54 -------- d-----w- c:\users\PlayOnHD\AppData\Local\temp
    2012-11-30 06:54 . 2012-11-30 06:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-27 14:17 . 2012-11-27 14:17 -------- d-----w- c:\users\user\AppData\Roaming\BCGameTime
    2012-11-27 05:04 . 2012-11-27 05:04 16896 ----a-w- c:\windows\AsTaskSched.dll
    2012-11-27 04:07 . 2012-11-27 04:07 -------- d-----w- c:\users\user\AppData\Local\Broadcom
    2012-11-27 04:07 . 2011-09-20 08:36 620584 ----a-w- c:\windows\system32\drivers\btwampfl.sys
    2012-11-27 04:04 . 2011-06-23 03:59 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
    2012-11-27 04:04 . 2011-05-20 14:49 89640 ----a-w- c:\windows\system32\drivers\btwdpan.sys
    2012-11-27 04:04 . 2011-07-06 10:35 167976 ----a-w- c:\windows\system32\drivers\btwaudio.sys
    2012-11-27 04:04 . 2011-06-23 03:59 178728 ----a-w- c:\windows\system32\drivers\btwavdt.sys
    2012-11-27 04:04 . 2011-11-03 05:00 134696 ----a-w- c:\windows\system32\drivers\bcbtums.sys
    2012-11-27 04:04 . 2011-02-13 16:17 39976 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
    2012-11-27 04:03 . 2012-11-27 04:03 -------- d-----w- c:\program files\WIDCOMM
    2012-11-27 04:02 . 2012-11-27 04:03 -------- d-----w- c:\program files (x86)\Cisco
    2012-11-27 04:00 . 2012-11-27 04:00 21568 ----a-w- c:\windows\system32\drivers\bcmvwl64.sys
    2012-11-27 04:00 . 2012-02-26 19:01 16152 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
    2012-11-27 03:59 . 2012-02-26 19:01 788760 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
    2012-11-27 03:59 . 2012-02-26 19:01 356120 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
    2012-11-27 03:58 . 2012-11-27 03:58 -------- d-----w- c:\program files (x86)\ASM104xUSB3
    2012-11-27 03:58 . 2011-01-17 08:00 164520 ----a-w- c:\windows\system32\IPROSetMonitor.exe
    2012-11-27 03:58 . 2011-01-28 02:19 316104 ----a-r- c:\windows\system32\PROUnstl.exe
    2012-11-27 03:56 . 2011-02-08 03:03 328368 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
    2012-11-27 03:56 . 2011-01-20 16:59 68264 ----a-w- c:\windows\system32\e1cmsg.dll
    2012-11-27 03:56 . 2009-05-26 01:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
    2012-11-27 03:56 . 2011-02-04 16:59 92864 ----a-w- c:\windows\system32\NicInstC.dll
    2012-11-15 06:25 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-15 06:25 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-15 06:25 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-15 06:25 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-15 06:19 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-15 06:19 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-15 06:19 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-15 06:19 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-15 06:19 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-15 06:19 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-15 06:19 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-15 02:25 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-11-15 02:25 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2012-11-11 05:57 . 2012-11-11 05:59 -------- d-----w- c:\program files (x86)\Kindle Auto eBook Converter
    2012-11-11 05:45 . 2012-11-11 05:45 -------- d-----w- c:\program files (x86)\DjVu Viewer
    2012-11-11 01:58 . 2012-11-11 01:58 -------- d-----w- c:\programdata\McAfee
    2012-11-03 12:10 . 2012-11-03 12:10 -------- d-----w- c:\users\user\AppData\Local\Octoshape
    2012-11-03 12:10 . 2012-11-03 12:10 -------- d-----w- c:\users\user\AppData\Roaming\Octoshape
    2012-11-02 10:01 . 2007-06-27 00:54 33792 ----a-w- c:\windows\system32\Spool\prtprocs\x64\spd__pc.dll
    2012-11-02 10:01 . 2012-11-02 10:01 -------- d-----w- c:\program files (x86)\Samsung Printers
    2012-11-02 10:00 . 2010-08-09 02:04 162096 ----a-w- c:\windows\system32\SUPDSvcA.dll
    2012-11-02 10:00 . 2009-10-07 02:43 256000 ----a-w- c:\windows\system32\SIPDUtil.dll
    2012-11-02 10:00 . 2008-06-04 06:53 27648 ----a-w- c:\windows\system32\spd__l.dll
    2012-11-02 10:00 . 2010-08-09 02:04 166704 ----a-w- c:\windows\system32\SUPDSvc.exe
    2012-11-02 10:00 . 2010-08-09 00:14 359424 ----a-w- c:\windows\system32\DscPnt.dll
    2012-11-02 10:00 . 2006-11-21 11:40 89600 ----a-w- c:\windows\system32\spd__ci.dll
    2012-11-02 10:00 . 2010-08-09 02:04 258864 ----a-w- c:\windows\SUPDRun.exe
    2012-11-02 10:00 . 2010-05-11 05:28 151552 ----a-w- c:\windows\system32\spd__ci.exe
    2012-11-02 10:00 . 2012-11-02 10:00 -------- d-----w- c:\windows\twain_64
    2012-11-02 09:57 . 2010-05-20 06:08 280064 ----a-w- c:\windows\system32\snWIAMUI.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-29 14:18 . 2012-04-02 07:09 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-29 14:18 . 2011-12-14 12:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-15 02:19 . 2011-11-30 13:06 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-10-16 08:38 . 2012-11-28 12:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 12:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 12:48 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-09 18:22 . 2012-10-09 18:22 80384 ----a-w- c:\windows\system32\igdde64.dll
    2012-10-09 18:22 . 2012-10-09 18:22 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 216064 ----a-w- c:\windows\system32\iglhcp64.dll
    2012-10-09 18:22 . 2012-10-09 18:22 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 5903392 ----a-w- c:\windows\system32\GfxUI.exe
    2012-10-09 18:22 . 2012-10-09 18:22 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 3776512 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 10673664 ----a-w- c:\windows\SysWow64\ig4icd32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 501760 ----a-w- c:\windows\system32\igfxcmrt64.dll
    2012-10-09 18:22 . 2012-10-09 18:22 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 410624 ----a-w- c:\windows\system32\igfxTMM.dll
    2012-10-09 18:22 . 2012-10-09 18:22 12836864 ----a-w- c:\windows\system32\igd10umd64.dll
    2012-10-09 18:22 . 2012-03-19 14:17 110592 ----a-w- c:\windows\system32\hccutils.dll
    2012-10-09 18:22 . 2012-10-09 18:22 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 12604416 ----a-w- c:\windows\system32\igdumd64.dll
    2012-10-09 18:22 . 2012-10-09 18:22 441888 ----a-w- c:\windows\system32\igfxpers.exe
    2012-10-09 18:22 . 2012-10-09 18:22 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 5343584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2012-10-09 18:22 . 2012-10-09 18:22 448512 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 441856 ----a-w- c:\windows\system32\igfxdev.dll
    2012-10-09 18:22 . 2012-10-09 18:22 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 399392 ----a-w- c:\windows\system32\hkcmd.exe
    2012-10-09 18:22 . 2012-10-09 18:22 272928 ----a-w- c:\windows\system32\igvpkrng600.bin
    2012-10-09 18:22 . 2012-10-09 18:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
    2012-10-09 18:22 . 2012-10-09 18:22 116224 ----a-w- c:\windows\system32\igfxCoIn_v2867.dll
    2012-10-09 18:22 . 2012-03-19 14:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
    2012-10-09 18:22 . 2012-03-19 14:16 9007616 ----a-w- c:\windows\system32\igfxress.dll
    2012-10-09 18:22 . 2012-10-09 18:22 604160 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 4571136 ----a-w- c:\windows\system32\igfxcmjit64.dll
    2012-10-09 18:22 . 2012-10-09 18:22 439808 ----a-w- c:\windows\system32\igfxresn.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
    2012-10-09 18:22 . 2012-10-09 18:22 185376 ----a-w- c:\windows\system32\difx64.exe
    2012-10-09 18:22 . 2012-10-09 18:22 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
    2012-10-09 18:22 . 2012-10-09 18:22 12887040 ----a-w- c:\windows\system32\ig4icd64.dll
    2012-10-09 18:22 . 2012-10-09 18:22 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 171040 ----a-w- c:\windows\system32\igfxtray.exe
    2012-10-09 18:22 . 2012-10-09 18:22 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 509984 ----a-w- c:\windows\system32\igfxsrvc.exe
    2012-10-09 18:22 . 2012-10-09 18:22 440320 ----a-w- c:\windows\system32\igfxrell.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 438784 ----a-w- c:\windows\system32\igfxrita.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2012-10-09 18:22 . 2012-10-09 18:22 963452 ----a-w- c:\windows\system32\igcodeckrng600.bin
    2012-10-09 18:22 . 2012-10-09 18:22 482304 ----a-w- c:\windows\system32\igfx11cmrt64.dll
    2012-10-09 18:22 . 2012-10-09 18:22 386048 ----a-w- c:\windows\system32\igfxpph.dll
    2012-10-09 18:22 . 2012-10-09 18:22 524800 ----a-w- c:\windows\system32\iglhsip64.dll
    2012-10-09 18:22 . 2012-10-09 18:22 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 435712 ----a-w- c:\windows\system32\igfxrara.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 28672 ----a-w- c:\windows\system32\igfxexps.dll
    2012-10-09 18:22 . 2012-10-09 18:22 252448 ----a-w- c:\windows\system32\igfxext.exe
    2012-10-09 18:22 . 2012-03-19 15:26 11040256 ----a-w- c:\windows\SysWow64\igdumd32.dll
    2012-10-09 18:22 . 2012-10-09 18:22 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2012-10-09 18:22 . 2012-10-09 18:22 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
    2012-10-09 18:22 . 2012-10-09 18:22 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
    2012-09-29 11:54 . 2012-07-09 14:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-14 19:19 . 2012-10-11 08:07 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-11 08:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-09-02 00:18 . 2012-09-02 00:18 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-09-02 00:18 . 2012-09-02 00:18 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-09-02 00:18 . 2012-09-02 00:18 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-09-02 00:18 . 2012-09-02 00:18 188904 ----a-w- c:\windows\system32\java.exe
    2012-09-02 00:18 . 2012-09-02 00:18 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-02 00:18 . 2012-09-02 00:18 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    .
    .
     
  9. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2012-10-08 . 1FB8062D4C3A4C7B8ECA7BBD1E743000 . 17812992 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20562_none_8840ae430e0a66ac\mshtml.dll
    [-] 2012-08-24 . F244DA6DD2C365ABAFD076222C22C2BE . 17810944 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16450_none_87bfe0cff4e67843\mshtml.dll
    [-] 2012-08-24 . 522A528C296A9AEF3F0C289FF7093315 . 17810944 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20557_none_88507fa10dfdc96e\mshtml.dll
    [-] 2012-06-29 . 8415F4792D7BC07BE328DF56FE32045A . 17809920 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_87d2b30bf4d7270a\mshtml.dll
    [-] 2012-06-29 . C4DE0E2B31F60ACB15E6B4154E26298A . 17809920 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_884d7ec30e007d69\mshtml.dll
    [-] 2012-06-02 . 89C4B3BF66D3C2F3D83F9DEDF1B218D6 . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_87d1b2c1f4d80db3\mshtml.dll
    [-] 2012-06-02 . 0C26F50D6C347CE294C84347E6FAEAA8 . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_884c7e790e016412\mshtml.dll
    [-] 2012-05-18 . DE469470D93DEB4A1A81EDE72B848198 . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_87d0b277f4d8f45c\mshtml.dll
    [-] 2012-05-18 . BE1E4779329040ED334651CD877C416D . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_884a7de50e033164\mshtml.dll
    [-] 2012-02-28 . D785A16A6F03F76CB862F28C9F8C9672 . 17790976 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_87cdb199f4dba857\mshtml.dll
    [-] 2012-02-28 . 97BB8C752A400556A4FF2E1AAFA0A138 . 17790976 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_885c4fd70df4c6d4\mshtml.dll
    [-] 2011-12-14 . E61288581AD9E647ABEFB1489B250B5C . 17790464 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_87cbb105f4dd75a9\mshtml.dll
    [-] 2011-12-14 . 153963F44A26A7840ACDF52C2CD1B9DC . 17790464 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_885a4f430df69426\mshtml.dll
    [7] 2011-11-30 . 02B4E6CCCA443568764281391635F5A4 . 17781760 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16437_none_87dc82adf4cff1c2\mshtml.dll
    [-] 2011-11-04 . 5770C4BA825C42D6EFD9486029747108 . 17786368 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20544_none_88584eaf0df86178\mshtml.dll
    [-] 2011-11-04 . E7BD23BEC69CF23436EEDE9B18DE186D . 17786368 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_87cab0bbf4de5c52\mshtml.dll
    [7] 2011-10-01 . 6954EE1BBF29632A73791910E89951A8 . 9011200 . . [8.00.7601.17699] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17699_none_8bd1e33ab007593c\mshtml.dll
    [7] 2011-10-01 . 187A4AE835C9C269447A7ACE944744FB . 9011200 . . [8.00.7601.21830] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21830_none_8c935ed9c8fc6a78\mshtml.dll
    [7] 2010-11-21 . 1C8B787BAA52DEAD1A6FEC1502D652F0 . 8988160 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll
    [-] 2012-10-08 . 6D4F838E72EEEB3D6FB16A5A45632560 . 17811968 . . [9.00.8112.16421] .. c:\windows\system32\mshtml.dll
    .
    [-] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f\msvcrt.dll
    [-] 2011-12-16 . F9A4C695C86CC32048FE2C987A0BD387 . 634880 . . [7.0.7601.21878] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_2fc7fdc6ced04f08\msvcrt.dll
    [7] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454\msvcrt.dll
    [-] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\system32\msvcrt.dll
    .
    [-] 2012-10-08 . A19DB004D954BBC9C4EC125711E1D1C2 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16455_none_766ac323748b8dc0\wininet.dll
    [-] 2012-10-08 . 789EAD6F3CE42F3322818988400986E9 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20562_none_76e68f248db3fd76\wininet.dll
    [-] 2012-08-24 . 3D165C53E40236A68B7102D1A622D4E0 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16450_none_7665c1b174900f0d\wininet.dll
    [-] 2012-08-24 . 456D4E9006DF149C250D40B813290471 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20557_none_76f660828da76038\wininet.dll
    [-] 2012-06-29 . 8EA68FD3780DDDD5072F8CB830B3CB3D . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_767893ed7480bdd4\wininet.dll
    [-] 2012-06-29 . 8BA7EDA2656ED7FBC93BDD5CB02B8D4E . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_76f35fa48daa1433\wininet.dll
    [-] 2012-06-02 . 5A45FA344F4AD99D903F4B20E43B89EC . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_767793a37481a47d\wininet.dll
    [-] 2012-06-02 . 571E809181EBF0A04FEFAA9BC9961F5B . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_76f25f5a8daafadc\wininet.dll
    [-] 2012-05-18 . 870ECFEBD41C7B8F9C6777748368D51F . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_7676935974828b26\wininet.dll
    [-] 2012-05-18 . BDC16D105BF011D4B1C3F09CF7A64314 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_76f05ec68dacc82e\wininet.dll
    [-] 2012-02-28 . 228443FF3A1FB0B974D278F7C6403FAD . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_7673927b74853f21\wininet.dll
    [-] 2012-02-28 . B70CDC073F70E6D082A62AB5880D6B07 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_770230b88d9e5d9e\wininet.dll
    [-] 2011-12-14 . B1AC85B6ADC005CF3F9EB4E28DFDCCE6 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_767191e774870c73\wininet.dll
    [-] 2011-12-14 . C2FA4DBD6BB91D1AFD7D155120654AB9 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_770030248da02af0\wininet.dll
    [7] 2011-11-30 . 271E8FB1354AA205A214F280A6766E30 . 1389056 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_7682638f7479888c\wininet.dll
    [-] 2011-11-04 . 244D45F786E33C169A93F70BA63BABF8 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_76fe2f908da1f842\wininet.dll
    [-] 2011-11-04 . 69151E566295E5A977FE71FFAFD3B3F8 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_7670919d7487f31c\wininet.dll
    [7] 2011-08-20 . DB33A1489C1DA1F37AC2D84CB9756DD1 . 1188864 . . [8.00.7601.17671] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_7a8561a42fa7ed6c\wininet.dll
    [7] 2011-08-20 . 2B4973A8A9D0336EEF6E10DBD6E5B87D . 1189376 . . [8.00.7601.21795] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_7afd5fbf48d22a74\wininet.dll
    [7] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
    [-] 2012-10-08 . A19DB004D954BBC9C4EC125711E1D1C2 . 1392128 . . [9.00.8112.16421] .. c:\windows\system32\wininet.dll
    .
    [-] 2012-06-02 . 063DD65889D21035311463337BD268E7 . 142336 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
    [-] 2012-06-02 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
    [-] 2012-06-02 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
    [-] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
    [-] 2012-04-24 . 21993009E0CCB9B4FA195F14D3408626 . 142336 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
    [7] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
    .
    [-] 2012-08-20 . 9B98D47916EAD4F69EF51B56B0C2323C . 1114112 . . [6.1.7601.17932] .. c:\windows\SysWOW64\kernel32.dll
    [-] 2012-08-20 . 9B98D47916EAD4F69EF51B56B0C2323C . 1114112 . . [6.1.7601.17932] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_fc20fc2ea15dceba\kernel32.dll
    [-] 2012-08-20 . 305681B4B695D4A888B941965FFC2C17 . 1114112 . . [6.1.7601.17932] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_fc688f63baad32ee\kernel32.dll
    [7] 2011-07-16 . D3CB12854171DF61D117D7C2BF22C675 . 1114112 . . [6.1.7601.21772] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
    [7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7601.17651] .. c:\windows\erdnt\cache86\kernel32.dll
    [7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7601.17651] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
    [7] 2010-11-21 . E80758CF485DB142FCA1EE03A34EAD05 . 837632 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
    .
    [-] 2012-10-08 . 8D1BB1E5A033E8817EF94A9047630165 . 12320768 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
    [-] 2012-10-08 . 8D1BB1E5A033E8817EF94A9047630165 . 12320768 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16455_none_92198c942942b8f1\mshtml.dll
    [-] 2012-10-08 . F7B251DA2FA89933771289793DCAA08B . 12321280 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20562_none_92955895426b28a7\mshtml.dll
    [-] 2012-08-24 . 975D1EA99A0FE8104B72440995B3C20B . 12319744 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20557_none_92a529f3425e8b69\mshtml.dll
    [-] 2012-08-24 . BB197F54A8F69EEA8356B7F70E6D3A20 . 12319744 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16450_none_92148b2229473a3e\mshtml.dll
    [-] 2012-06-29 . 5E8E869E1342308752A37A2C90CCA79D . 12317184 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_92275d5e2937e905\mshtml.dll
    [-] 2012-06-28 . AEC51857AEC2F5CE4520366240AFC671 . 12317184 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_92a2291542613f64\mshtml.dll
    [-] 2012-06-02 . 6820A9E91AFF7CB3A510360D8CCD9BDD . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_92265d142938cfae\mshtml.dll
    [-] 2012-06-02 . 1ABF770552EA9D4FE90F654468FAF4CE . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_92a128cb4262260d\mshtml.dll
    [-] 2012-05-17 . 9FB58F71104107D44540AF1195F7A14D . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_92255cca2939b657\mshtml.dll
    [-] 2012-05-17 . 761D9111F5A2619CB5060661D36FBFFF . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_929f28374263f35f\mshtml.dll
    [-] 2012-02-28 . F82BF2CB075B49E9FAB5FF213C45C020 . 12281856 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_92225bec293c6a52\mshtml.dll
    [-] 2012-02-28 . B9E083B14B1994F1255983F2DF31C7DF . 12281856 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_92b0fa29425588cf\mshtml.dll
    [-] 2011-12-14 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_92205b58293e37a4\mshtml.dll
    [-] 2011-12-14 . A29CFD4B9F6F2BBE06C8D64B6D07F1D4 . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_92aef99542575621\mshtml.dll
    [7] 2011-11-30 . 04E0CD31A63DFC0D73725A3D1768FB5A . 12275200 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16437_none_92312d002930b3bd\mshtml.dll
    [-] 2011-11-03 . A21B983E40578D0E6CFA9864AC4E1219 . 12279808 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20544_none_92acf90142592373\mshtml.dll
    [-] 2011-11-03 . 66C0AEE61D1C5C35BF1B4642A153B114 . 12279808 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_921f5b0e293f1e4d\mshtml.dll
    [7] 2011-10-01 . E16F0A71B984E06FE0A90A2E2E227B23 . 5991936 . . [8.00.7601.21830] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21830_none_96e8092bfd5d2c73\mshtml.dll
    [7] 2011-10-01 . 009751094A5A9041723D635AF249DC6F . 5990400 . . [8.00.7601.17699] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17699_none_96268d8ce4681b37\mshtml.dll
    [7] 2010-11-21 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll
    .
    [-] 2011-12-16 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll
    [-] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\SysWOW64\msvcrt.dll
    [-] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll
    [7] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll
    .
    [-] 2012-10-08 . 9CB0D2A9A77D91D9614355EE9FF00519 . 1129472 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll
    [-] 2012-10-08 . 9CB0D2A9A77D91D9614355EE9FF00519 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16455_none_1a4c279fbc2e1c8a\wininet.dll
    [-] 2012-10-08 . 6E3AC8A54A1881806BA2B58539483788 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20562_none_1ac7f3a0d5568c40\wininet.dll
    [-] 2012-08-24 . 2895E29EFCFC0B1BCF8AEE1A0C67913C . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20557_none_1ad7c4fed549ef02\wininet.dll
    [-] 2012-08-24 . 5553611E2F9EA6F613079177F1233068 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16450_none_1a47262dbc329dd7\wininet.dll
    [-] 2012-06-29 . 75A97A2C060E72AB49E071E08C7DD2BA . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_1a59f869bc234c9e\wininet.dll
    [-] 2012-06-28 . 54C30A4066A28F9A017E095E283B2762 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_1ad4c420d54ca2fd\wininet.dll
    [-] 2012-06-02 . 8E87270C4704CF2951E1E7820D6C8A2B . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_1a58f81fbc243347\wininet.dll
    [-] 2012-06-02 . E430161A632F9A8FE512DE0CA5685559 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_1ad3c3d6d54d89a6\wininet.dll
    [-] 2012-05-17 . 1C191A4F0960F21B5D58C8A65BAF5427 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\wininet.dll
    [-] 2012-05-17 . 43BAC67996D8765A5F1B3A4EA6231E21 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\wininet.dll
    [-] 2012-02-28 . 44465367256D1C72B58F5ABAA19E7016 . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\wininet.dll
    [-] 2012-02-28 . 11A34DCA08EB2A586246F2D6C2A81D58 . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\wininet.dll
    [-] 2011-12-14 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll
    [-] 2011-12-14 . 022A78194E2C7106F5AF9F2BC6AC8774 . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_1ae194a0d542b9ba\wininet.dll
    [7] 2011-11-30 . D3788D91530CFA005BD516189A4C676E . 1126912 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_1a63c80bbc1c1756\wininet.dll
    [-] 2011-11-03 . 32569DF2F9BEF05DD7D56E30590EDFD9 . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_1adf940cd544870c\wininet.dll
    [-] 2011-11-03 . 02F98B5C0E397AD06124D84428CF8F1A . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\wininet.dll
    [7] 2011-08-20 . 7570FA3FC82E08FB637E32D2D95DB41D . 981504 . . [8.00.7601.21795] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_1edec43b9074b93e\wininet.dll
    [7] 2011-08-20 . DBF24E87CB605A4F6E7424DD86F7A62C . 981504 . . [8.00.7601.17671] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_1e66c620774a7c36\wininet.dll
    [7] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白與合法缺省登錄將不會被顯示
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.exe" [2011-12-15 436088]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-19 896912]
    "Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-07-27 1261512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 606208]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-29 3508624]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    "Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2012-01-19 933640]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-07-16 296096]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
    .
    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-6-23 576000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    "OldEnableShellExecuteHooks"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecuteREG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification PackagesREG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys [2012-04-18 90624]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
    R3 Media Center 17 Service;Media Center 17 Service;c:\program files (x86)\J River\Media Center 17\JRService.exe [2012-05-07 392320]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-05-10 97792]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-05-10 217600]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-14 85224]
    R3 PCTSFileEnum;PCTSFileEnum;c:\program files (x86)\PC Tools\DMScanning\PCTSFiles.exe [2012-05-11 89016]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 685672]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-30 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 16152]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys [2011-10-20 157696]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
    S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-03-31 141920]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
    S2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [2011-12-22 818952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-24 236544]
    S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-01-17 164520]
    S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-12-20 341800]
    S2 Roozz Updater;Roozz Updater;c:\program files (x86)\Roozz\RoozzUpdater.exe [2012-09-27 393216]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-11-03 134696]
    S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2012-11-27 21568]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 620584]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-20 89640]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-13 39976]
    S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-02-18 56160]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 788760]
    S3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088]
    S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2000-01-01 10368]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    XLServicePlatformREG_MULTI_SZ XLServicePlatform
    .
    ‘計劃任務’ 文件夾 裡的內容
    .
    2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:18]
    .
    2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892454325-3400438884-1050192996-1000Core.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 13:07]
    .
    2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892454325-3400438884-1050192996-1000UA.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 13:07]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MouseDriver"="TiltWheelMouse.exe" [2010-10-31 241152]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-09 171040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-09 399392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-09 441888]
    "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
    "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-11-27 7138816]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
    .
    ------- 而外的掃描 -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com.sg/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &E1OA&N﹐A×AeIsIAOO - c:\program files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
    IE: &E1OA&N﹐A×IAOO - c:\program files (x86)\Thunder Network\Thunder\BHO\geturl.htm
    IE: &E1OA&N﹐A×IAOOE?2?A’?O - c:\program files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: 使用迅雷看看播放器播放 - c:\users\Public\Thunder Network\XMP4\core\program\XmpIEMenu.htm
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{574A8165-F901-4AC7-AD08-ECD917D8F33D}: NameServer = 98.158.112.60 199.127.248.22
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\
    FF - ExtSQL: 2012-10-02 21:41; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{4562B511-62E9-4533-B7B2-56A8BB10B482} - c:\program files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(630).dll
    Wow6432Node-HKLM-Run-Driver Genius - (no file)
    ShellExecuteHooks-{4562B511-62E9-4533-B7B2-56A8BB10B482} - c:\program files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(630).dll
    BHO-{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - (no file)
    AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="??捁楴敶?汐杵湩?摮??敗?汐杵湩 v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="??捁楴敶?汐杵湩?摮??敗?汐杵湩 v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ 其他運行進程 ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\windows\System32\TiltWheelMouse.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    完成時間: 2012-11-30 15:03:29 - 電腦已重新啟動
    ComboFix-quarantined-files.txt 2012-11-30 07:03
    .
    Pre-Run: 119,995,895,808 bytes free
    Post-Run: 121,107,156,992 bytes free
    .
    - - End Of File - - 982BCA0FBC70DE652C1E340319560F9A
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double-click OTL.exe.
    • Click the Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt; please post it in your next reply.
    • You may need to use two posts to get it all.
     
  11. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    OTL logfile created on: 1/12/2012 8:58:07 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

    7.70 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 74.73% Memory free
    15.39 Gb Paging File | 13.29 Gb Available in Paging File | 86.31% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 999.90 Gb Total Space | 112.58 Gb Free Space | 11.26% Space Free | Partition Type: NTFS
    Drive D: | 863.02 Gb Total Space | 104.46 Gb Free Space | 12.10% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/12/01 08:57:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    PRC - [2012/09/27 09:40:45 | 000,393,216 | ---- | M] (Roozz) -- C:\Program Files (x86)\Roozz\RoozzUpdater.exe
    PRC - [2012/09/19 20:25:46 | 000,896,912 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/16 14:31:26 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/02/27 03:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2011/12/22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
    PRC - [2011/12/16 11:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/12/15 15:55:50 | 000,436,088 | ---- | M] (PPLive Corporation) -- C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
    PRC - [2011/11/29 20:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2011/11/29 20:58:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/10/13 18:41:27 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/30 14:57:45 | 000,115,137 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
    MOD - [2012/11/23 17:18:10 | 000,088,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\tipsdone.dll
    MOD - [2012/11/16 00:56:28 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e3718ece6223593baa31cb00e9780ef7\System.Management.ni.dll
    MOD - [2012/11/16 00:55:39 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\de8e0c7dac7ddfbb47bd2fad7a1c2763\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/16 00:55:34 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a8628a44968950ae1c3ffe3a6f3f60a6\System.Xaml.ni.dll
    MOD - [2012/11/15 14:28:24 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cf12ed43759d7a1c04be92cc04bca019\PresentationFramework.ni.dll
    MOD - [2012/11/15 14:28:16 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0d21b72c457fa044a1439de961cc4494\PresentationCore.ni.dll
    MOD - [2012/11/15 14:28:10 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\71b7fd791db6f544dcf6ba822b52a947\WindowsBase.ni.dll
    MOD - [2012/11/15 14:28:09 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\83973b62e21d9cb2255f3511882e8d39\PresentationFramework.Aero.ni.dll
    MOD - [2012/11/15 14:24:35 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\092689c884e1797414554c26f165b28b\System.Windows.Forms.ni.dll
    MOD - [2012/11/15 14:24:33 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c1c38885c86b2699d66470bae7cf7305\System.Core.ni.dll
    MOD - [2012/11/15 14:24:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\f054c2fd2397af924eb5dcd5f3acfc68\System.Xml.ni.dll
    MOD - [2012/11/15 14:24:30 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9167adc3041ed7fed384ec3d3e8289fa\System.Drawing.ni.dll
    MOD - [2012/11/15 14:24:29 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f1ffda77a89b30adb2a26e08488450e5\System.ni.dll
    MOD - [2012/11/15 14:24:25 | 014,417,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6137e81cd213b81085a3a54a956e9262\mscorlib.ni.dll
    MOD - [2012/09/17 14:03:55 | 000,419,272 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\tipsclient.dll
    MOD - [2012/01/01 16:55:29 | 000,034,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\tipsstatistic.dll
    MOD - [2011/12/15 15:55:46 | 000,426,344 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\MngModule.dll
    MOD - [2011/12/15 15:55:38 | 000,116,584 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\kernel\FWUpnp.dll
    MOD - [2011/11/29 20:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
    MOD - [2009/10/13 18:41:27 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/11/27 12:01:09 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2012/05/25 01:07:32 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2012/01/23 22:30:22 | 000,233,328 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
    SRV:64bit: - [2011/12/20 10:11:48 | 000,341,800 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
    SRV:64bit: - [2011/11/28 20:23:30 | 001,084,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011/01/17 16:00:50 | 000,164,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
    SRV:64bit: - [2010/08/09 10:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
    SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/11/29 22:18:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/27 19:38:09 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/09/27 09:40:45 | 000,393,216 | ---- | M] (Roozz) [Auto | Running] -- C:\Program Files (x86)\Roozz\RoozzUpdater.exe -- (Roozz Updater)
    SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/05/11 11:13:36 | 000,089,016 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\DMScanning\PCTSFiles.exe -- (PCTSFileEnum)
    SRV - [2012/05/08 05:45:13 | 000,392,320 | ---- | M] (JRiver, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\J River\Media Center 17\JRService.exe -- (Media Center 17 Service)
    SRV - [2011/12/22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
    SRV - [2011/12/16 11:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/11/27 12:01:06 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2012/11/27 12:00:56 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2012/11/27 12:00:55 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
    DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2012/07/30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
    DRV:64bit: - [2012/05/25 01:27:42 | 011,175,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/05/24 23:54:34 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
    DRV:64bit: - [2012/05/10 16:33:56 | 000,217,600 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2012/05/10 16:33:54 | 000,097,792 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
    DRV:64bit: - [2012/04/18 09:16:50 | 000,090,624 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/03/31 18:47:18 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
    DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
    DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
    DRV:64bit: - [2012/02/27 03:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/02/27 03:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/02/27 03:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2011/12/29 13:37:44 | 000,035,120 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
    DRV:64bit: - [2011/12/06 19:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/11/10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011/11/03 13:00:48 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
    DRV:64bit: - [2011/11/03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011/11/03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011/10/20 11:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)
    DRV:64bit: - [2011/09/20 16:36:24 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2011/07/06 18:35:40 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2011/06/23 11:59:28 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2011/06/23 11:59:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2011/05/20 22:49:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
    DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/18 14:20:34 | 000,056,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
    DRV:64bit: - [2011/02/14 00:17:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2011/02/08 11:03:04 | 000,328,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2011/01/16 00:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2010/12/17 06:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 08:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/16 13:45:38 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t_mouse.sys -- (t_mouse.sys)
    DRV:64bit: - [2009/03/25 19:44:39 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2007/08/13 20:51:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
    DRV:64bit: - [2000/01/01 08:00:00 | 000,685,672 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2000/01/01 08:00:00 | 000,010,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)
    DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 FF C9 66 CA FA CC 01 [binary data]
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{254A1BBD-7B84-422A-A2D4-A31AADC7AA06}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=28E5B3B6-29BC-41A0-99A6-550AD5C8CB0E
    IE - HKCU\..\SearchScopes\{83439A09-DFC0-4CDC-B834-C0D6CCB638B0}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...1a66c90ef&lang=en&ds=is015&pr=sa&d=2012-05-31 14:36:17&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
    FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@Roozz.com/RoozzPlugin: C:\Program Files (x86)\Roozz\nproozz.dll (Roozz.com)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\user\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/16 14:31:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/16 14:31:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 19:38:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/03 22:01:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/06 21:34:41 | 000,000,000 | ---D | M]

    [2012/09/01 19:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
    [2012/05/21 10:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/05/21 10:01:30 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/11/23 20:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\extensions
    [2012/11/23 20:26:36 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2012/09/01 19:30:03 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
    [2012/10/27 19:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/27 19:38:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/08/25 10:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/13 13:35:24 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
     
     
  12. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Thunder DapCtrl NPAPI Plugin (Enabled) = C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.1.(630).dll
    CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll
    CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
    CHR - plugin: Roozz plugin (Enabled) = C:\Program Files (x86)\Roozz\nproozz.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
    CHR - Extension: Entanglement = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: Flash render quality = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbkhhhlbomjpenealmjakmfmlgnbimep\0.10.1.10_1\
    CHR - Extension: Plugins = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop\0.7.0_0\
    CHR - Extension: Cloud Reader = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_1\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Fast save = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjfhdngkcjekoehljnfeabiopefhlla\1.1_0\
    CHR - Extension: MaximizeFlash = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljjmflmcnaigbhnheldbdbplkbhngnl\1.1_0\
    CHR - Extension: Poppit = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: FlashControl = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
    CHR - Extension: FastestChrome - Browse Faster = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.9.9_0\
    CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
    CHR - Extension: Fast save = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\olallcgfigihdnkbnklebmdpckbfnjfc\1.1_0\
    CHR - Extension: Evernote Web Clipper = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.1_0\

    O1 HOSTS File: ([2012/11/30 14:56:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No CLSID value found.
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MouseDriver] C:\Windows\SysNative\TiltWheelMouse.exe (Pixart Imaging Inc)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: OldEnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm File not found
    O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm File not found
    O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm File not found
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8:64bit: - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\core\program\XmpIEMenu.htm ()
    O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm File not found
    O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm File not found
    O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm File not found
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\core\program\XmpIEMenu.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53F2BC1E-01F1-4806-B216-8F6AAF184D2D}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{574A8165-F901-4AC7-AD08-ECD917D8F33D}: NameServer = 98.158.112.60 199.127.248.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E18089D-8B59-4DEE-85A4-8EED830558C2}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
    O28 - HKLM ShellExecuteHooks: {4562B511-62E9-4533-B7B2-56A8BB10B482} - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(630).dll File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/01 08:57:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    [2012/11/30 15:03:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/30 14:56:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/30 14:18:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/30 14:18:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/30 14:18:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/30 14:18:31 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/30 14:17:38 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
    [2012/11/29 09:23:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.com
    [2012/11/27 22:17:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\BCGameTime
    [2012/11/27 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Bad Piggies HD 1.1.0 Android Apk
    [2012/11/27 20:08:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\What Hi-Fi Sound and Vision Magazine UK December 2012 PDF [RAHMANAT1]
    [2012/11/27 13:04:09 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
    [2012/11/27 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Broadcom
    [2012/11/27 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Bluetooth Exchange Folder
    [2012/11/27 12:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
    [2012/11/27 12:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
    [2012/11/27 12:01:34 | 000,035,344 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
    [2012/11/27 12:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
    [2012/11/27 11:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
    [2012/11/25 19:55:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
    [2012/11/25 19:51:23 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Apps Magazine UK Issue 26, 2012 [azizex666]
    [2012/11/25 19:46:41 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\PC Advisor Magazine January 2013 [azizex666]
    [2012/11/23 21:43:20 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Newsweek - December 3 2012
    [2012/11/23 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Great Dharma Books 7
    [2012/11/20 20:03:39 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\The.Hunger.Games.2012.RERIP.720p.Bluray.x264.anoXmous
    [2012/11/20 08:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/11/17 11:41:02 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\1600446469_Scienc
    [2012/11/11 13:57:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Kindle eBook Converter
    [2012/11/11 13:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Kindle eBook Converter
    [2012/11/11 13:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kindle Auto eBook Converter
    [2012/11/11 13:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DjVu Viewer
    [2012/11/11 13:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DjVu Viewer
    [2012/11/11 12:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2012/11/11 09:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/11/03 20:10:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Octoshape
    [2012/11/03 20:10:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Octoshape Streaming Services
    [2012/11/03 20:10:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Octoshape
    [2012/11/03 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\LeafyVPN
    [2012/11/02 18:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung Printers
    [2012/11/02 18:00:34 | 000,256,000 | ---- | C] (SEC) -- C:\Windows\SysNative\SIPDUtil.dll
    [2012/11/02 18:00:34 | 000,162,096 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvcA.dll
    [2012/11/02 18:00:31 | 000,166,704 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvc.exe
    [2012/11/02 18:00:31 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\spd__ci.dll
    [2012/11/02 18:00:00 | 000,000,000 | ---D | C] -- C:\Windows\twain_64
    [2012/11/02 17:57:48 | 000,280,064 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\snWIAMUI.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/12/01 09:00:37 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/01 09:00:37 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/01 08:57:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    [2012/12/01 08:51:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/01 08:51:39 | 1904,549,887 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/30 14:56:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/30 14:46:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/30 14:43:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3892454325-3400438884-1050192996-1000UA.job
    [2012/11/30 14:17:58 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
    [2012/11/29 09:23:42 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.com
    [2012/11/29 08:57:33 | 000,480,125 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
    [2012/11/28 21:43:05 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
    [2012/11/28 21:42:24 | 035,693,696 | ---- | M] () -- C:\Users\user\Desktop\Bad Piggies HD-v1.0.0.ipa
    [2012/11/28 20:47:16 | 001,785,791 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/11/27 13:40:13 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/27 13:40:13 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/27 13:40:13 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/27 13:04:09 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
    [2012/11/27 12:07:24 | 000,052,984 | ---- | M] () -- C:\Windows\Ascd_log.ini
    [2012/11/27 12:04:02 | 000,000,808 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2012/11/27 12:02:00 | 000,797,534 | ---- | M] () -- C:\Windows\SysNative\oem137.inf
    [2012/11/27 12:01:09 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
    [2012/11/27 12:01:09 | 000,000,445 | ---- | M] () -- C:\Windows\SysNative\vcredist_x64.bat
    [2012/11/27 12:01:05 | 000,000,446 | ---- | M] () -- C:\Windows\SysWow64\vcredist_x64.bat
    [2012/11/27 12:00:58 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
    [2012/11/27 12:00:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
    [2012/11/27 11:55:06 | 000,035,499 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
    [2012/11/27 11:54:41 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2012/11/25 20:04:59 | 083,505,587 | ---- | M] () -- C:\Users\user\Desktop\Android Magazine - Issue 18, 2012.pdf
    [2012/11/25 18:43:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3892454325-3400438884-1050192996-1000Core.job
    [2012/11/16 00:38:33 | 000,310,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/13 00:06:49 | 534,763,731 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/11 14:06:19 | 011,066,776 | ---- | M] () -- C:\Users\user\Desktop\k2pdfopt.exe
    [2012/11/02 18:05:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    ========== Files Created - No Company Name ==========

    [2012/11/30 14:18:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/30 14:18:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/30 14:18:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/30 14:18:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/30 14:18:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/29 08:56:10 | 000,480,125 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
    [2012/11/28 21:43:05 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
    [2012/11/27 20:20:33 | 035,693,696 | ---- | C] () -- C:\Users\user\Desktop\Bad Piggies HD-v1.0.0.ipa
    [2012/11/27 12:04:46 | 000,054,751 | ---- | C] () -- C:\Windows\SysNative\drivers\BCM20702A1_001.002.014.0337.0348.hex
    [2012/11/27 12:04:11 | 000,001,290 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyBits Chat.lnk
    [2012/11/27 12:04:02 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2012/11/27 12:02:09 | 000,797,534 | ---- | C] () -- C:\Windows\SysNative\oem137.inf
    [2012/11/27 12:01:36 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
    [2012/11/27 12:01:33 | 000,000,446 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat
    [2012/11/27 12:01:31 | 000,000,445 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat
    [2012/11/27 12:00:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
    [2012/11/27 11:58:05 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
    [2012/11/27 11:56:25 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
    [2012/11/27 11:55:34 | 000,052,984 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2012/11/27 11:54:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/11/27 11:54:39 | 000,035,499 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/11/25 19:45:11 | 083,505,587 | ---- | C] () -- C:\Users\user\Desktop\Android Magazine - Issue 18, 2012.pdf
    [2012/11/15 14:25:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/15 14:19:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/11/13 00:06:49 | 534,763,731 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/11/11 14:05:39 | 011,066,776 | ---- | C] () -- C:\Users\user\Desktop\k2pdfopt.exe
    [2012/11/02 18:00:32 | 000,027,648 | ---- | C] () -- C:\Windows\SysNative\spd__l.dll
    [2012/11/02 18:00:31 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\DscPnt.dll
    [2012/11/02 18:00:30 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
    [2012/11/02 18:00:30 | 000,151,552 | ---- | C] () -- C:\Windows\SysNative\spd__ci.exe
    [2012/11/02 18:00:30 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\spd__l.smt
    [2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
    [2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
    [2012/07/08 20:26:15 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2012/06/11 21:10:49 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Roaming\winscp.rnd
    [2012/06/10 20:31:45 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
    [2012/06/10 20:31:42 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2012/06/10 20:31:42 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
    [2012/05/31 14:48:51 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/05/31 14:48:51 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/05/31 14:48:45 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/03/19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/02/02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2012/01/23 20:57:20 | 000,000,025 | ---- | C] () -- C:\Users\user\AppData\Roaming\CoreAVC.ini
    [2012/01/06 20:54:10 | 000,012,169 | ---- | C] () -- C:\Users\user\AppData\Roaming\SmarThruOptions.xml
    [2011/12/04 09:43:55 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/12/04 09:43:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/12/04 09:43:51 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/12/01 21:25:13 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
    [2011/12/01 07:23:33 | 000,019,968 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/30 21:53:34 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
    [2011/11/30 21:04:32 | 000,021,005 | ---- | C] () -- C:\Windows\SysWow64\w3qmh.dll
    [2011/11/30 20:58:12 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
    [2011/11/30 20:57:54 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
    [2011/11/30 20:57:46 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
    [2011/11/30 20:57:44 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
    [2011/11/30 20:56:20 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe
    [2011/11/30 20:51:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/11/29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
    [2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\desktop.in0
    [2012/07/08 20:04:04 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/07/17 19:19:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acronis
    [2012/05/12 15:23:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
    [2012/11/27 22:17:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BCGameTime
    [2012/06/11 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\calibre
    [2012/08/10 16:39:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DiskAid
    [2011/12/25 00:04:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
    [2012/06/10 20:10:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\driveridentifier
    [2012/01/06 21:36:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESET
    [2012/07/11 10:24:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\f-secure
    [2012/11/02 11:16:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\foobar2000
    [2012/04/06 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HandBrake
    [2012/01/01 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit
    [2012/05/09 20:00:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\J River
    [2012/03/24 13:58:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leawo
    [2012/02/05 11:54:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mkvtoolnix
    [2012/11/30 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mp3tag
    [2012/05/11 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nitro PDF
    [2012/11/03 20:10:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Octoshape
    [2011/12/01 20:55:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Philipp Winterberg
    [2012/11/27 22:27:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PPLive
    [2011/12/31 19:44:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PPStream
    [2012/10/22 06:56:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\redsn0w
    [2012/03/24 15:03:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
    [2012/07/08 18:48:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Simply Super Software
    [2011/11/30 22:43:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Stardock
    [2012/05/31 18:59:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SystemRequirementsLab
    [2011/11/30 22:51:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeraCopy
    [2012/07/08 20:23:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TestApp
    [2012/03/24 13:59:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\tiger-k
    [2012/12/01 09:12:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/08/28 14:51:19 | 000,043,839 | ---- | M] ()(C:\Users\user\Desktop\中?字?1.xlsx) -- C:\Users\user\Desktop\中华字经1.xlsx
    [2012/08/06 10:31:46 | 000,043,839 | ---- | C] ()(C:\Users\user\Desktop\中?字?1.xlsx) -- C:\Users\user\Desktop\中华字经1.xlsx
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

    < End of report >
     
  13. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    OTL Extras logfile created on: 1/12/2012 8:58:07 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

    7.70 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 74.73% Memory free
    15.39 Gb Paging File | 13.29 Gb Available in Paging File | 86.31% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 999.90 Gb Total Space | 112.58 Gb Free Space | 11.26% Space Free | Partition Type: NTFS
    Drive D: | 863.02 Gb Total Space | 104.46 Gb Free Space | 12.10% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{61367282-B091-4F1B-99AC-7A20DDF7F8B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{95E4B182-5E42-489D-BE06-D9A40A97DBC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0331DDC5-818C-4BE8-B056-0475E3B7C6A6}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
    "{05EDFD83-3249-4D43-9C8C-858D495CD431}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\chess.exe |
    "{09A152D1-0E63-4DF1-A126-95EAD33DE5D2}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
    "{0FF2FF0D-DE4C-4616-9AB2-59B77CEF9091}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1622EA20-9427-45DB-B61A-99CEAB3A949B}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\tictactoe.exe |
    "{20FB2A99-64AC-4520-888E-C94D1FEF7319}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\checkers.exe |
    "{353B38F3-320B-4650-9820-6DFA814D54C7}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\backgammon.exe |
    "{385E766B-C407-4BA4-9E80-6688246D3E91}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{74FFF4DC-5DCE-42FB-825D-5B974C4CFACF}" = protocol=58 | dir=in | app=system |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9D81EC01-A643-46E6-971D-06767DC40ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A98F82F9-57BC-4FF6-95B8-919085D89305}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B1E89BB0-F1D3-40FD-861C-241847CFD538}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
    "{BA16D8A7-F6F2-4864-AAFC-3521068C1CAA}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E4E069B0-087C-4B1A-BDD4-694D19E90CE4}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{ECD9E32E-679A-4AEF-BA08-A094317D5A34}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\seabattle.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F1B357E6-9A8D-44DC-A477-8BD729253BF9}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\easychat.exe |
    "{F4EFCE12-E19C-463B-8F74-713C64F91B69}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{F6EAB9F5-3202-4E60-97EA-C42111A5EDE5}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{2D495718-D6F9-4CF2-B739-CFFFD03A5ED7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{79804B05-B074-40DE-B9B8-F5BB0F708C2F}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "TCP Query User{7B4C5762-3661-43A8-B85D-A761BA27BABE}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
    "TCP Query User{AF60584B-974A-432D-88BB-964BA5A2296F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{B8AD0133-913B-437B-9364-CA9BA0FE9953}C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
    "TCP Query User{D0B7B5FB-263B-4D42-9A38-EFEDF76A0F4D}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "TCP Query User{D65AADBC-1C5F-4D3E-A5F5-9A588E8FB9B2}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.122_1111\thunderplatform.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.122_1111\thunderplatform.exe |
    "UDP Query User{3321E8B5-2FB8-4659-ABA7-86B23A142CFB}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "UDP Query User{632DB705-31DC-421C-A6F7-66320EDD92C5}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
    "UDP Query User{907608D4-0D51-4B41-9A62-5EC3E0D3EC70}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "UDP Query User{937E6093-470A-4478-B82F-F0B4C93513F7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{E4207C10-4EFB-4E34-B06B-9AC99FE029CA}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{ECC1D7AD-5A96-449C-A0F9-4B3312B30266}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.122_1111\thunderplatform.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.122_1111\thunderplatform.exe |
    "UDP Query User{EE21A99E-A23C-4B91-AF86-FC11080B478B}C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
     
  14. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
    "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5586CBEA-C071-4616-B809-6E11815D2190}" = ESET Smart Security
    "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{645AE9CF-AF1B-4FBB-9B9D-17A23D03AF10}" = Intel(R) Network Connections 16.1.53.0
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = WIDCOMM Bluetooth Software
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
    "{DE6C496B-D0E2-4906-83F2-7C7493B7DD04}" = Nitro Reader 2
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
    "2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    "4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
    "Broadcom Wireless Utility" = Broadcom Wireless Utility
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
    "MediaInfo" = MediaInfo 0.7.53
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PROSetDX" = Intel(R) Network Connections 16.1.53.0
    "TeraCopy_is1" = TeraCopy 2.27

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr.Printer
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater
    "{3A959BCB-643A-462F-A692-5B7FE4CE35AC}_is1" = DjVu Viewer version 1.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
    "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
    "{D14F064B-F549-462F-BABD-857830FEA0B6}_is1" = PC Tools on-the-fly Scanner 9.0
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F1100000-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F656270D-66A6-41D9-828A-436EE0228D3B}" = calibre
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Audacity_is1" = Audacity 2.0
    "dBpoweramp DSP Effects" = dBpoweramp DSP Effects
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "Digital Editions" = Adobe Digital Editions
    "DiskAid_is1" = DiskAid 5.31
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "Everything" = Everything 1.2.1.371
    "Fences" = Fences
    "FLAC" = FLAC 1.2.1b (remove only)
    "foobar2000" = foobar2000 v1.1.9
    "FormatFactory" = FormatFactory 3.0.1
    "Free RAR Extract Frog" = Free RAR Extract Frog
    "HandBrake" = HandBrake 0.9.6
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "Kindle Auto eBook Converter" = Kindle Auto eBook Converter 0.4.50
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.0
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Media Center 17" = Media Center 17
    "MKVToolNix" = MKVToolNix 5.2.1
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Mp3tag" = Mp3tag v2.50
    "pdfsam" = pdfsam
    "RealPlayer 15.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.93
    "Roozz plugin_is1" = Roozz plugin 2.9.8
    "Samsung CLX-3170 Series" = Samsung CLX-3170 Series
    "Samsung Universal Print Driver" = Samsung Universal Print Driver
    "Samsung Universal Scan Driver" = Samsung Universal Scan Driver
    "Smart Defrag 2_is1" = Smart Defrag 2
    "uTorrent" = µTorrent
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 2.0.4
    "WheelMouse" = Advanced Wheel Mouse 6.0.0.011
    "winscp3_is1" = WinSCP 4.3.2

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "MyFreeCodec" = MyFreeCodec
    "Octoshape Streaming Services" = Octoshape Streaming Services

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/7/2012 8:49:37 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
    Description = The program uTorrent.exe version 3.1.3.27220 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 640 Start
    Time: 01cd5d0631d34a06 Termination Time: 7 Application Path: C:\Program Files (x86)\uTorrent\uTorrent.exe
    Report
    Id: 5d234e24-c8fb-11e1-a5bd-1c6f65c9515d

    Error - 8/7/2012 9:01:16 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
    Description = The program uTorrent.exe version 3.1.3.27220 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1938 Start
    Time: 01cd5d0822c798b8 Termination Time: 7 Application Path: C:\Program Files (x86)\uTorrent\uTorrent.exe
    Report
    Id: fe7989f1-c8fc-11e1-a5bd-1c6f65c9515d

    Error - 8/7/2012 8:38:32 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 9/7/2012 1:41:36 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ekrn.exe, version: 5.0.94.0, time stamp:
    0x4e7b0032 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00c534e4 Faulting process id: 0x870 Faulting application
    start time: 0x01cd5d7a166706c0 Faulting application path: C:\Program Files\ESET\ESET
    NOD32 Antivirus\x86\ekrn.exe Faulting module path: unknown Report Id: bf250da5-c988-11e1-be36-1c6f65c9515d

    Error - 9/7/2012 10:37:50 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
    Description = The program chrome.exe version 20.0.1132.47 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: f14 Start
    Time: 01cd5de049ea790d Termination Time: 5 Application Path: C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    Report
    Id: 9e7941cc-c9d3-11e1-a1f4-1c6f65c9515d

    Error - 9/7/2012 11:37:45 PM | Computer Name = user-PC | Source = Application Hang | ID = 1002
    Description = The program chrome.exe version 20.0.1132.47 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: df8 Start
    Time: 01cd5e49f542c767 Termination Time: 5 Application Path: C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    Report
    Id: 94e841bb-ca40-11e1-aa8e-1c6f65c9515d

    Error - 9/7/2012 11:56:24 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 13/7/2012 10:19:10 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: WDFME.exe, version: 1.4.5.2, time stamp:
    0x4d77d26b Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp:
    0x4dace5b9 Exception code: 0xc0000417 Fault offset: 0x0006ccd5 Faulting process id:
    0xacc Faulting application start time: 0x01cd616532fecb90 Faulting application path:
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    Faulting
    module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
    Report
    Id: 4b885c9a-cd5a-11e1-a10f-1c6f65c9515d

    Error - 15/7/2012 12:01:35 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 16/7/2012 9:48:59 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ System Events ]
    Error - 30/11/2012 2:10:41 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%20

    Error - 30/11/2012 2:38:27 AM | Computer Name = user-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 30/11/2012 2:38:47 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%20

    Error - 30/11/2012 2:52:01 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 30/11/2012 2:53:40 AM | Computer Name = user-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 30/11/2012 2:54:55 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 30/11/2012 2:55:36 AM | Computer Name = user-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 30/11/2012 2:55:54 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%20

    Error - 30/11/2012 8:51:30 PM | Computer Name = user-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 30/11/2012 8:51:51 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%20


    < End of report >
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
      2. If threats WERE detected, click on List of Threats Found, then Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark next to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  16. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{254A1BBD-7B84-422A-A2D4-A31AADC7AA06}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254A1BBD-7B84-422A-A2D4-A31AADC7AA06}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83439A09-DFC0-4CDC-B834-C0D6CCB638B0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83439A09-DFC0-4CDC-B834-C0D6CCB638B0}\ not found.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\user\Desktop\cmd.bat deleted successfully.
    C:\Users\user\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: PlayOnHD
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: user
    ->Temp folder emptied: 546228 bytes
    ->Temporary Internet Files folder emptied: 30383304 bytes
    ->Java cache emptied: 204269 bytes
    ->FireFox cache emptied: 305007611 bytes
    ->Google Chrome cache emptied: 217481395 bytes
    ->Flash cache emptied: 68163 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2566030 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 840410915 bytes

    Total Files Cleaned = 1,332.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12022012_114902

    Files\Folders moved on Reboot...
    C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  17. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    Hi there,

    Ran the ESET online scan and there was no threat found, but the EasyBits programs are still there.

    Thanks!
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    SystemLook x64 scan

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  19. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    SystemLook 30.07.11 by jpshortstuff
    Log created at 07:43 on 03/12/2012 by user
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "*easybit*"
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C5094D21049946CC8CCB397AAB28817A\EasyBits Tic-Tac-Toe.swf --a---- 113098 bytes [08:52 19/01/2011] [08:52 19/01/2011] 323895ECC8216F539B64F0CF8BA885ED
    ========== folderfind ==========
    Searching for "*easybit*"
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games d------ [04:03 27/11/2012]
    ========== regfind ==========
    Searching for "easybit"
    [HKEY_CURRENT_USER\Software\EasyBits]
    [HKEY_CURRENT_USER\Software\EasyBits\BCGameTime]
    "Plugins Root"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\0\win32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\HELPDIR]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4D07B6E4-681E-436A-9471-CEDD4FFF4BDA}\InprocServer32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A2D99BA-A1DD-4841-93F7-89B43D089B87}\InprocServer32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95105DA3-7251-4CD4-83D8-00253EC1CF71}\InprocServer32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFF50E68-96C2-4CF9-B73F-817CA253EF7F}\InprocServer32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C057D776-076E-4C22-A33F-20242B43AC0A}\InprocServer32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\0\win32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\HELPDIR]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
    "ConfigApplicationPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
    "ConfigGDFBinaryPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
    "AppExePath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
    "Title"="EasyBits Chess (Multiplayer)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
    "Description"="EasyBits Chess (Multiplayer)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
    "ConfigApplicationPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
    "ConfigGDFBinaryPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
    "AppExePath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
    "Title"="EasyBits Backgammon (Multiplayer)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
    "Description"="EasyBits Backgammon (Multiplayer)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
    "ConfigApplicationPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
    "ConfigGDFBinaryPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
    "AppExePath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
    "Title"="EasyBits Checkers (Multiplayer)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
    "Description"="EasyBits Checkers (Multiplayer)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
    "ConfigApplicationPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
    "ConfigGDFBinaryPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
    "AppExePath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
    "Title"="EasyBits Sea Battle (Multiplayer)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
    "Description"="EasyBits Sea Battle (Multiplayer)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
    "ConfigApplicationPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
    "ConfigGDFBinaryPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
    "AppExePath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
    "Title"="EasyBits Tic-Tac-Toe (Multiplayer)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
    "Description"="EasyBits Tic-Tac-Toe (Multiplayer)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\MLS\"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\7FF10FD1D9E1467181402A0155363CB2\"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1\"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1\fight\"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C5094D21049946CC8CCB397AAB28817A\"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C7D94334204347AEBB0F776ED21C7F29\"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\EB659AD2FCC647F38E82982293E1663C\"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FA929D6CBDF5424B95B5E6B943CA32B]
    "3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C5094D21049946CC8CCB397AAB28817A\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51496F2F7A5D27E4EB7F93B29A21B6B3]
    "3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\7FF10FD1D9E1467181402A0155363CB2\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DE67C4B38391904C895CFC9ED55DFAC]
    "3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\MLS\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8165063A35FEC504FB56DB38BB48FAE5]
    "3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\EB659AD2FCC647F38E82982293E1663C\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98EDF2F1586B6AE41860027FF2C17CCB]
    "3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C7D94334204347AEBB0F776ED21C7F29\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B7A9F86F966BEE5498EFC0D4F353A2CD]
    "3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEF07E12D8FD98F4BBE92C1A361A56C1]
    "3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D31E2468C7EB7644D84423C5FBC4DE67]
    "3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D93809629264C6A46AD4C4ACEA269F00]
    "3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1\fight\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4D07B6E4-681E-436A-9471-CEDD4FFF4BDA}\InprocServer32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A2D99BA-A1DD-4841-93F7-89B43D089B87}\InprocServer32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95105DA3-7251-4CD4-83D8-00253EC1CF71}\InprocServer32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BFF50E68-96C2-4CF9-B73F-817CA253EF7F}\InprocServer32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C057D776-076E-4C22-A33F-20242B43AC0A}\InprocServer32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\0\win32]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\HELPDIR]
    @="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{353B38F3-320B-4650-9820-6DFA814D54C7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe|Name=Backgammon|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{20FB2A99-64AC-4520-888E-C94D1FEF7319}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe|Name=Checkers|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05EDFD83-3249-4D43-9C8C-858D495CD431}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe|Name=Chess|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{F1B357E6-9A8D-44DC-A477-8BD729253BF9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\EasyChat.exe|Name=EasyChat|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{ECD9E32E-679A-4AEF-BA08-A094317D5A34}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe|Name=SeaBattle|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1622EA20-9427-45DB-B61A-99CEAB3A949B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe|Name=TicTacToe|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{353B38F3-320B-4650-9820-6DFA814D54C7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe|Name=Backgammon|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{20FB2A99-64AC-4520-888E-C94D1FEF7319}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe|Name=Checkers|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05EDFD83-3249-4D43-9C8C-858D495CD431}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe|Name=Chess|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{F1B357E6-9A8D-44DC-A477-8BD729253BF9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\EasyChat.exe|Name=EasyChat|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{ECD9E32E-679A-4AEF-BA08-A094317D5A34}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe|Name=SeaBattle|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1622EA20-9427-45DB-B61A-99CEAB3A949B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe|Name=TicTacToe|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{353B38F3-320B-4650-9820-6DFA814D54C7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe|Name=Backgammon|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{20FB2A99-64AC-4520-888E-C94D1FEF7319}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe|Name=Checkers|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05EDFD83-3249-4D43-9C8C-858D495CD431}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe|Name=Chess|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{F1B357E6-9A8D-44DC-A477-8BD729253BF9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\EasyChat.exe|Name=EasyChat|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{ECD9E32E-679A-4AEF-BA08-A094317D5A34}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe|Name=SeaBattle|Edge=TRUE|Defer=App|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1622EA20-9427-45DB-B61A-99CEAB3A949B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe|Name=TicTacToe|Edge=TRUE|Defer=App|"
    [HKEY_USERS\S-1-5-21-3892454325-3400438884-1050192996-1000\Software\EasyBits]
    [HKEY_USERS\S-1-5-21-3892454325-3400438884-1050192996-1000\Software\EasyBits\BCGameTime]
    "Plugins Root"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games"
    -= EOF =-
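
An added example, not part of the original thread or of SystemLook: the FirewallRules values in the regfind output above are pipe-delimited strings, and this Python code parses them to list the active inbound allow rules that point into the EasyBits folder, de-duplicated across control sets. The function names and the embedded excerpt are assumptions for illustration; the last sample rule (all-zero GUID, Dir=Out) is constructed to exercise the filter.

```python
import re

# Excerpt of the regfind log above: two rules, each seen under two control sets,
# plus one non-firewall entry. The final all-zero-GUID rule is constructed.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\HELPDIR]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{353B38F3-320B-4650-9820-6DFA814D54C7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe|Name=Backgammon|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1B357E6-9A8D-44DC-A477-8BD729253BF9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\EasyChat.exe|Name=EasyChat|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{353B38F3-320B-4650-9820-6DFA814D54C7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe|Name=Backgammon|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1B357E6-9A8D-44DC-A477-8BD729253BF9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\EasyChat.exe|Name=EasyChat|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00000000-0000-0000-0000-000000000000}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe|Name=Chess|Edge=FALSE|"
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<guid>\{[0-9A-Fa-f-]{36}\})"="(?P<data>v\d+\.\d+\|.*)"$')
RULES_SUFFIX = r"\firewallpolicy\firewallrules"


def parse_rule(data):
    """Split one FirewallRules value into (version, {field: [values]})."""
    version, *fields = data.rstrip("|").split("|")
    rule = {}
    for field in fields:
        name, _, value = field.partition("=")
        rule.setdefault(name, []).append(value)  # Profile= can repeat
    return version, rule


def inbound_allow_rules(log_text, path_fragment):
    """Return {guid: summary} for active inbound allow rules whose App path
    contains path_fragment (case-insensitive), merged across control sets."""
    found = {}
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        # Only values listed under a ...\FirewallPolicy\FirewallRules key are rules.
        if not current_key.lower().endswith(RULES_SUFFIX):
            continue
        value_match = VALUE_RE.match(line)
        if not value_match:
            continue
        _, rule = parse_rule(value_match.group("data"))
        app = rule.get("App", [""])[0]
        if not (rule.get("Action") == ["Allow"]
                and rule.get("Active") == ["TRUE"]
                and rule.get("Dir") == ["In"]
                and path_fragment.lower() in app.lower()):
            continue
        entry = found.setdefault(value_match.group("guid"), {
            "name": rule.get("Name", [""])[0],
            "app": app,
            "profiles": rule.get("Profile", []),
            "edge_traversal": rule.get("Edge") == ["TRUE"],
            "control_sets": [],
        })
        # Third path component is ControlSet001 / ControlSet002 / CurrentControlSet.
        entry["control_sets"].append(current_key.split("\\")[2])
    return found


if __name__ == "__main__":
    for guid, info in inbound_allow_rules(SAMPLE_LOG, "EasyBits Games").items():
        print(guid, info["name"], ",".join(info["profiles"]),
              "edge" if info["edge_traversal"] else "no-edge",
              info["control_sets"])
```

Running the same function over a regfind log taken after a cleanup shows whether any of these allow rules still reference the removed folder.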
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    Let me know if EasyBits issue is gone. :)
     
  21. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    All processes killed
    ========== FILES ==========
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\MLS folder moved successfully.
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\EB659AD2FCC647F38E82982293E1663C folder moved successfully.
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C7D94334204347AEBB0F776ED21C7F29 folder moved successfully.
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C5094D21049946CC8CCB397AAB28817A folder moved successfully.
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1\fight folder moved successfully.
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1 folder moved successfully.
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\7FF10FD1D9E1467181402A0155363CB2 folder moved successfully.
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games folder moved successfully.
    C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games folder moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\EasyBits\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285417A7-D46C-4E79-AEB7-990F807FEC76}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4D07B6E4-681E-436A-9471-CEDD4FFF4BDA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D07B6E4-681E-436A-9471-CEDD4FFF4BDA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A2D99BA-A1DD-4841-93F7-89B43D089B87}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A2D99BA-A1DD-4841-93F7-89B43D089B87}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95105DA3-7251-4CD4-83D8-00253EC1CF71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95105DA3-7251-4CD4-83D8-00253EC1CF71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFF50E68-96C2-4CF9-B73F-817CA253EF7F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF50E68-96C2-4CF9-B73F-817CA253EF7F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C057D776-076E-4C22-A33F-20242B43AC0A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C057D776-076E-4C22-A33F-20242B43AC0A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285417A7-D46C-4E79-AEB7-990F807FEC76}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B750581-9399-4982-9DE9-9FF5C980C4B6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
    Registry key HKEY_USERS\S-1-5-21-3892454325-3400438884-1050192996-1000\Software\EasyBits\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: PlayOnHD
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: user
    ->Temp folder emptied: 133281 bytes
    ->Temporary Internet Files folder emptied: 23939944 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 274144710 bytes
    ->Flash cache emptied: 1308 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4726 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2357746 bytes

    Total Files Cleaned = 287.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12042012_090347
    Files\Folders moved on Reboot...
    C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  22. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    Hey DMJ,
    Thanks! The Easybit files are gone. Incidentally, are you able to tell how I got infected so I'd be more careful in future?

    Paul
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You had some adware, which can happen through a variety of events. Mostly, adware gets installed by first installing other programs to which the adware was attached. Usually this happens when you use download sites, off-sites for the specific download, or actually downloading adware itself (unsuspectingly).

    I'd be happy to give recommendations, but we need to finish up first and I need info from Security Check tool, so I can help your computer get protected, as well. :)

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  24. hokokhua

    hokokhua TS Rookie Topic Starter Posts: 40

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    ESET Smart Security 5.0
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    JavaFX 2.1.1
    Java(TM) 7 Update 5
    Java version out of Date!
    Adobe Flash Player 11.5.502.110
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Mozilla Firefox 16.0.2 Firefox out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.



    Firefox update

    Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > About Firefox > Check for Updates.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
     