Solved Sirefef.FC trojan Infection

RiceFusion

Hello. My NOD32 recently detected the Sirefef.FC trojan and is unable to delete it.
The following message pops up:
Object: Operating memory > C:\windows\system32\services.exe
Threat: Win32/Sirefef.FC trojan

Any help would be deeply appreciated.
 
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.07.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
abc :: abc-PC [administrator]
08/07/2012 01:25:13
mbam-log-2012-07-08 (01-25-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244717
Time elapsed: 15 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-08 02:09:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: pojybror.exe; Driver: C:\Users\abc\AppData\Local\Temp\ugloypow.sys

---- System - GMER 1.0.15 ----
SSDT \??\C:\windows\system32\windrvNT.sys ZwQueryDirectoryFile [0x9F62B842]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by abc at 3:11:42 on 2012-07-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3005.1776 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\windows\system32\nPStarterSVC.exe
C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\npnj5Agent.exe
C:\windows\system32\PnkBstrB.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\windows\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\igfxext.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\GamingMouse\hid.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Users\abc\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\abc\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
\\.\globalroot\systemroot\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://google.ee/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uSearch Bar =
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = 219.223.252.137:1080
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfi0.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfi0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfi0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\abc\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfi0.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpeedItUpEX] c:\program files\speeditup free\SpeedItUp.exe -MINI
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [DS3 Tool] c:\program files\motioninjoy\ds3\DS3_Tool.exe -mini
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Akamai NetSession Interface] "c:\users\abc\appdata\local\akamai\netsession_win.exe"
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [APLangApp] "c:\program files\anypc client\APLangApp.exe"
mRun: [fsn] c:\program files\phoenix technologies ltd\failsafe\FailSafeNotifier.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Xfire Music] "c:\program files\xfire\xfiremusic.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [GamingMouse] c:\program files\gamingmouse\hid.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ProxyCap] c:\progra~1\proxyl~1\proxycap\pcapui.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\abc\appdata\roaming\micros~1\windows\startm~1\programs\startup\creati~1.lnk - c:\program files\creative element power tools\Startup.exe
StartupFolder: c:\users\abc\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download All By FlashGet3 - c:\users\abc\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\abc\appdata\roaming\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\abc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\abc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: pcapwsp.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: crunchyroll.com\www
Trusted Zone: kuaiche.com\software
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://nprotect.plaync.co.kr/nProtect/netizen2007/ncsoft/npstarter.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BCF0F4D5-A864-4B98-BD41-72AAF2680A0C} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/pcinfo/cab/pcCheck.cab
DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxp://auth.siren24.com/infovine/VineTransfer.cab
DPF: {C8223F3A-1420-4245-88F2-D874FC081574} - hxxps://auth.siren24.com/MagicLineMBX/lib/MagicLineMBX.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}\350756564645F6573686936423935383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}\35B4956343342444 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}\4586F6D637F6E6034313538344 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\abc\appdata\roaming\mozilla\firefox\profiles\lplktduk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
FF - prefs.js: network.proxy.ftp - 202.158.150.175
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55111
FF - prefs.js: network.proxy.socks - 202.158.150.175
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 202.158.150.175
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\infovine\NpkiCard.dll
FF - plugin: c:\program files\infovine\npVineTransfer.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\opera\program\plugins\npMegaPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\plaync\ncplugin\npncllm3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexon\ngm\npNxGame.dll
FF - plugin: c:\programdata\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\abc\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\abc\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npCmn.dll
FF - plugin: c:\windows\system32\npeutilex.dll
FF - plugin: c:\windows\system32\nPFW.dll
FF - plugin: c:\windows\system32\nPFWFlt.dll
FF - plugin: c:\windows\system32\npidsx.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npOrdInstruct.dll
FF - plugin: c:\windows\system32\npstarterctrl.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-7 15672]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-9 218688]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-12-5 214664]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-12-5 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-25 497496]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-2-22 133512]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-2-22 810120]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-2-22 96896]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-8 654408]
R2 nPStarterSVC;nProtect Starter;c:\windows\system32\npstartersvc.exe [2010-5-25 250145]
R2 pcapsvc;ProxyCap Service;c:\program files\proxy labs\proxycap\pcapsvc.exe [2012-2-17 1372160]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-5-29 1528672]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2010-7-15 17984]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-8 22344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2012-5-8 10064]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-2-15 322336]
S2 AMService;AMService;c:\windows\temp\eulejr\setup.exe run --> c:\windows\temp\eulejr\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-24 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-24 135664]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-5 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-5 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-5 40552]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-7-27 81168]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-28 129976]
S3 msfilter;Blaze Gaming Mouse;c:\windows\system32\drivers\msfilter.sys [2011-12-23 20864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;c:\windows\system32\NPIdsVt.sys [2012-1-22 47712]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2012-1-20 3567]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-3-23 26112]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-29 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-08 11:03:38 -------- d-----w- C:\FRST
2012-07-08 02:11:15 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b128e9c1-1546-4ab3-ac6d-e21dd62e0180}\offreg.dll
2012-07-08 00:23:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 00:23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-06 22:34:01 -------- d--h--w- c:\windows\PIF
2012-07-06 22:26:27 -------- d-----w- C:\microsoft
2012-07-05 16:47:32 -------- d-----w- c:\users\abc\appdata\local\{316DE079-8561-41E8-8C6B-8D0538722CA4}
2012-07-05 16:47:07 -------- d-----w- c:\users\abc\appdata\local\{437C7BAC-6C4E-44FF-A0C1-3874E0050487}
2012-07-03 15:02:13 -------- d-----w- c:\users\abc\appdata\local\{FA1BF6D0-9FD7-4F1C-B559-3858C8234786}
2012-07-03 15:01:59 -------- d-----w- c:\users\abc\appdata\local\{053E49F7-DCA3-4683-84D4-D75CB5FE5CAF}
2012-07-03 14:05:08 -------- d-----w- c:\users\abc\appdata\local\Macromedia
2012-07-03 11:00:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-03 06:50:13 -------- d-----w- c:\users\abc\appdata\local\{07A7090A-D502-484D-B74C-B8EA458005EA}
2012-07-03 06:49:54 -------- d-----w- c:\users\abc\appdata\local\{DCB51446-C936-454A-9C19-10E677B52B6B}
2012-07-02 00:50:48 -------- d-----w- c:\users\abc\appdata\local\{FD5DA32B-0CEC-440A-8A3F-C2E4218072BF}
2012-06-30 16:11:11 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b128e9c1-1546-4ab3-ac6d-e21dd62e0180}\mpengine.dll
2012-06-30 15:55:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-30 15:55:01 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-06-30 15:55:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-06-30 15:55:01 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-06-30 15:55:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-30 15:55:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-30 15:54:59 748664 ----a-w- c:\program files\internet explorer\iexplore.exe
2012-06-30 15:54:59 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-30 15:54:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-06-30 15:54:58 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-06-30 15:54:57 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-30 15:43:44 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-30 15:41:48 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-06-30 15:33:23 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-30 15:33:17 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-30 15:32:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-30 15:32:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-30 13:03:51 -------- d-----w- c:\program files\Core Temp
2012-06-30 06:17:58 -------- d-----w- c:\users\abc\appdata\local\{5B5F745D-F506-45A5-B610-F2CA95822EB5}
2012-06-29 05:32:13 -------- d-----w- c:\users\abc\appdata\local\{831F87B7-737E-4174-8957-42C378BC2C7D}
2012-06-29 05:31:48 -------- d-----w- c:\users\abc\appdata\local\{98CBB1B6-D6DC-4A2E-9598-58B2AE521D81}
2012-06-28 20:23:07 -------- d-----w- c:\users\abc\appdata\local\{1EBE06BA-4C6B-4B63-8AC3-96C7F1A85EDC}
2012-06-27 18:27:27 -------- d-----w- c:\users\abc\appdata\local\{23FC9A10-8B9A-49CA-ADA3-4AD0954EC106}
2012-06-27 00:59:23 -------- d-----w- c:\users\abc\appdata\local\{946E2F39-B6B2-4113-AB69-EC73492B5F00}
2012-06-27 00:59:08 -------- d-----w- c:\users\abc\appdata\local\{B373A2AF-03E3-4078-B7EE-C10686B1B56A}
2012-06-26 15:37:41 -------- d-----w- c:\users\abc\appdata\local\{AA99DCDC-F31E-4517-8B12-F1F1F9CA711A}
2012-06-26 14:16:13 -------- d-----w- c:\users\abc\appdata\local\{7B18988A-BA62-49F2-8558-FCF0D21B6D5E}
2012-06-25 18:23:25 -------- d-----w- c:\users\abc\appdata\local\{083F5444-EFCF-48D2-8EBF-4AB54A617A6B}
2012-06-23 10:38:49 -------- d-----w- c:\users\abc\appdata\local\{F3EE9F65-412A-4A67-AF00-60817FFFBD44}
2012-06-23 10:38:27 -------- d-----w- c:\users\abc\appdata\local\{64DAE847-1049-4A5E-ABC9-A95F099CFA88}
2012-06-23 07:02:47 -------- d-----w- c:\users\abc\appdata\local\{A71CED70-26CC-4A81-BFAD-BE70695370BC}
2012-06-22 23:43:38 -------- d-----w- c:\users\abc\appdata\local\{DED5C935-8FE9-4B33-B3F3-1EC0E27DBD42}
2012-06-22 23:43:15 -------- d-----w- c:\users\abc\appdata\local\{26E1E661-4032-4091-A817-EDCB4B9263EF}
2012-06-22 05:38:40 -------- d-----w- c:\users\abc\appdata\local\{182ECDEB-6309-4641-B1FE-8AC0511C2B60}
2012-06-20 14:00:22 -------- d-----w- c:\users\abc\appdata\local\{0B080FC6-3815-4637-B2E9-B84D1B266162}
2012-06-20 14:00:11 -------- d-----w- c:\users\abc\appdata\local\{74828AD5-A6A9-4FBB-ACA0-087501851773}
2012-06-20 13:58:09 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-20 13:57:06 15712 ----a-w- c:\program files\common files\windows live\.cache\93bc8c7c1cd4eec01\MeshBetaRemover.exe
2012-06-20 13:22:28 -------- d-----w- c:\users\abc\appdata\local\{C1E36BE1-CFF8-43E0-B49D-28F250BDF07C}
2012-06-20 13:22:07 -------- d-----w- c:\users\abc\appdata\local\{CD08AEBB-797B-4030-B463-D7F5BD18678F}
2012-06-20 12:26:01 -------- d-----w- c:\users\abc\appdata\local\{5026640F-C7AB-4897-A836-D9F90B8AB64F}
2012-06-20 12:25:38 -------- d-----w- c:\users\abc\appdata\local\{FBE1DCF6-C9DD-4A98-8FCD-4B7876FEFDA4}
2012-06-19 09:02:56 -------- d-----w- c:\users\abc\appdata\local\{9A00AFC4-B8F8-4CD0-AF48-1D656BC687C3}
2012-06-18 20:59:22 -------- d-----w- c:\users\abc\appdata\local\{001B426A-7AEE-464F-9187-771967E1F799}
2012-06-17 22:57:48 56288 ----a-w- c:\windows\system32\VineTransfer.ocx
2012-06-17 22:57:48 -------- d-----w- c:\program files\INFovine
2012-06-17 22:57:47 48104 ----a-w- c:\windows\system32\UbiKeyUninstall.exe
2012-06-17 22:57:47 39904 ----a-w- c:\windows\system32\UbiKeyWin32.dll
2012-06-17 22:57:47 39896 ----a-w- c:\windows\system32\UbiKey.dll
2012-06-17 22:56:17 -------- d-----w- c:\program files\DreamSecurity
2012-06-17 21:29:10 -------- d-----w- c:\users\abc\appdata\roaming\com.tfhz.air.player
2012-06-15 15:47:30 -------- d-----w- c:\users\abc\appdata\local\{1B5AEE4B-1589-4550-89DF-D0F2B07DFE78}
2012-06-14 01:55:13 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-06-14 01:48:20 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-14 01:48:20 -------- d--h--w- c:\programdata\Common Files
2012-06-14 01:34:14 -------- d-----w- c:\users\abc\appdata\roaming\Wireshark
2012-06-14 01:01:20 -------- d-----w- c:\program files\WinPcap
2012-06-14 01:00:47 -------- d-----w- c:\program files\Wireshark
2012-06-12 10:09:34 -------- d-----w- c:\users\abc\appdata\local\{9C345C14-32FA-44E3-BF0E-217C3AE8C6CC}
2012-06-12 10:09:03 -------- d-----w- c:\users\abc\appdata\local\{AC738615-5F55-4994-A8D8-4E64DFB1ED24}
2012-06-11 22:44:03 -------- d-----w- c:\program files\LAV Filters
2012-06-11 05:10:25 -------- d-----w- c:\users\abc\appdata\local\{EEE1F929-149C-4197-9551-0DCD26AFF15A}
2012-06-11 05:10:05 -------- d-----w- c:\users\abc\appdata\local\{9DE28C6D-38B1-4CF4-B354-1FDFCA67155E}
2012-06-10 21:37:38 -------- d-----w- c:\users\abc\appdata\local\{721354D2-2844-42D0-AB31-F4435C2B4B6C}
2012-06-10 21:37:20 -------- d-----w- c:\users\abc\appdata\local\{2B1FCF07-2BA9-48F7-937A-BA79C80D5F0C}
2012-06-08 22:17:36 -------- d-----w- c:\users\abc\appdata\local\{F505F31F-871D-4563-AA90-5B4AAEC2D2CD}
2012-06-08 22:17:12 -------- d-----w- c:\users\abc\appdata\local\{383066ED-5FD6-4ECE-A5F7-03F80D401E85}
2012-06-08 22:11:25 -------- d-----w- c:\users\abc\appdata\local\{D1161B74-82AA-4EB7-ADEA-50FC78833B4A}
2012-06-08 22:11:02 -------- d-----w- c:\users\abc\appdata\local\{454C83E5-0F38-41A0-9548-B6D0605C4BFE}
2012-06-08 21:58:40 -------- d-----w- c:\users\abc\appdata\local\{8BFAF051-4738-4C2A-8A29-31633EE205B5}
2012-06-08 21:58:17 -------- d-----w- c:\users\abc\appdata\local\{97E292A8-00D6-4ECB-8568-04970597C97D}
2012-06-08 20:12:10 -------- d-----w- c:\users\abc\appdata\local\{3A2799F4-FCD9-4372-B274-679E7FD6F794}
2012-06-08 20:11:48 -------- d-----w- c:\users\abc\appdata\local\{DB2E92B5-0176-4183-B287-33DB674CEE41}
2012-06-08 20:09:47 -------- d-----w- c:\users\abc\appdata\local\{D704EFE8-56E5-4DC4-91CF-90A64F5E5987}
2012-06-08 20:09:24 -------- d-----w- c:\users\abc\appdata\local\{02E8258D-CB0C-4C4C-9F68-F132F94C2BE0}
2012-06-08 15:47:40 -------- d-----w- c:\users\abc\appdata\local\{1AE509B9-4C77-45DF-8874-2AB4CAEB81B9}
2012-06-08 15:47:22 -------- d-----w- c:\users\abc\appdata\local\{0958F1D1-B5BD-47B3-B747-2518DDEA05DB}
.
==================== Find3M ====================
.
2012-06-22 23:37:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 23:37:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-01 20:42:33 256 ----a-w- c:\windows\system32\pool.bin
2012-05-29 19:46:48 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-05-29 19:46:46 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-05-15 06:30:58 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-15 06:30:58 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-15 06:30:58 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-15 06:30:58 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-04 09:59:54 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-03 02:54:46 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-11 15:40:28 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-04-09 21:34:20 3957088 ----a-w- c:\windows\system32\GameMon.des
2010-05-07 20:13:40 6 ----a-w- c:\program files\common files\UnInstallCompleted.tmp
.
============= FINISH: 3:14:51.49 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 24/03/2010 17:36:50
System Uptime: 08/07/2012 03:06:37 (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R530/R730
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 8.822 GiB free.
D: is FIXED (NTFS) - 141 GiB total, 14.093 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP575: 07/07/2012 19:54:55 - Windows Modules Installer
RP576: 07/07/2012 19:56:06 - Windows Modules Installer
RP577: 07/07/2012 19:56:56 - Windows Modules Installer
RP578: 07/07/2012 19:57:22 - Windows Modules Installer
RP579: 07/07/2012 19:58:10 - Windows Modules Installer
RP580: 07/07/2012 19:58:49 - Windows Modules Installer
RP581: 07/07/2012 19:59:24 - Windows Modules Installer
RP582: 07/07/2012 20:01:30 - Windows Modules Installer
RP583: 07/07/2012 20:05:49 - Windows Modules Installer
.
==== Installed Programs ======================
.
휴대폰인증서(보관)서비스
24hz ????
7-Zip 9.20
AC3Filter (remove only)
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
Advanced SystemCare 5
AIDA64 Extreme Edition v2.00
Akamai NetSession Interface
AnyPC Client
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
µTorrent
Audiosurf
AutoIt v3.3.6.1
Bandisoft MPEG-1 Decoder
BatteryLifeExtender
Bing Bar Platform
BitTorrent
BlackBerry Desktop Software 7.0
BlackBerry Device Software v4.6.1 for the BlackBerry 8520 smartphone
Bonjour
BS.Player FREE
Carte 0.9.58
Cheat Engine 6.0
Combined Community Codec Pack 2009-09-09
Compatibility Pack for the 2007 Office system
Core FTP LE 2.1
Core Temp 1.0 RC3
Creative Element Power Tools
Cultris II
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink YouCam
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
DivXMuxGUI
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
ESET NOD32 Antivirus
Facebook Video Calling 1.2.0.159
ffdshow v1.1.3562 [2010-09-07]
FLAC 1.2.1b (remove only)
FlashGet 3.3
Free Audio CD Burner version 1.4.7
Free Mp3 Wma Ogg Converter 7.1.1
Free Studio version 5.1.4
Free YouTube Download 2.9
Free YouTube to MP3 Converter version 3.9.35.324
Game Booster 3
GamingMouse
GDMO
GIMP 2.6.11
Google Chrome
Google Earth
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
Haali Media Splitter
Hide IP Platinum 3.5
Hotspot Shield 2.53
HP Deskjet 3050 J610 series Basic Device Software
HxD Hex Editor version 1.7.7.0
HyperCam 2
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Keynote Connector
LAV Filters 0.50.5
League of Legends
MagicLineMBX
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
mkv2vob
MKVtoolnix 4.3.0
MotioninJoy ds3 driver version 0.6.0003
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Firefox 7.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCLauncher (plaync)
Nexon Game Manager
NifSkope (remove only)
Notepad++
nProtect Netizen SVC (remove only)
OGA Notifier 2.0.0048.0
OGPlanet Game Launcher
OGPlanet Game Launcher Europe
Opera 10.63
PHANTASY STAR ONLINE 2
Protected Folder
ProxyCap
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
SamsungMovie
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
Smart Defrag 2
Speeditup Free 4.90
System Requirements Lab
System Requirements Lab for Intel
The Core Media Player 4.0
The KMPlayer (remove only)
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Ubisoft Game Launcher
Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP
Unity Web Player
Unlocker 1.9.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
User Guide
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.1
VMware Workstation
Windows Driver Package - Blaze (HidUsb) HIDClass (03/08/2010 1.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinHex
WinPcap 4.1.2
WinRAR archiver
Wireshark 1.6.8 (32-bit)
Wolfenstein - Enemy Territory
XChat 2 (remove only)
Xfire (remove only)
Xfire Plus: Music Plugin
XfireXO Toolbar
Yu-Gi-Oh! ONLINE 3
.
==== Event Viewer Messages From Past Week ========
.
08/07/2012 03:09:06, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
08/07/2012 03:08:07, Error: Service Control Manager [7001] -
08/07/2012 03:07:43, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
07/07/2012 20:40:24, Error: volmgr [46] - Crash dump initialization failed!
07/07/2012 18:32:53, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user abc-PC\Guest SID (S-1-5-21-1871111397-3539990770-1974983793-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
06/07/2012 12:51:54, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 07-07-2012 03
Ran by SYSTEM at 08-07-2012 03:03:58
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [APLangApp] "C:\Program Files\AnyPC Client\APLangApp.exe" [13312 2009-10-20] (DoctorSoft)
HKLM\...\Run: [fsn] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe [137792 2010-03-25] ()
HKLM\...\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" [17408 2010-07-04] ()
HKLM\...\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [243544 2010-03-24] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe" [253650 2006-11-20] ()
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [GamingMouse] C:\Program Files\GamingMouse\hid.exe [240640 2010-07-16] ()
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [138008 2011-10-13] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [171288 2011-10-13] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [172824 2011-10-13] (Intel Corporation)
HKLM\...\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\pcapui.exe [1441792 2012-02-17] (Proxy Labs)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Guest\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Guest\...\Run: [frdepbt] "c:\users\abc\appdata\local\frdepbt.exe" frdepbt [x]
HKU\Guest\...\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI [2275328 2008-06-09] (MicroSmarts LLC.)
HKU\Guest\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Guest\...\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini [112400 2011-09-13] (www.motioninjoy.com)
HKU\Guest\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\Guest\...\Run: [Akamai NetSession Interface] "C:\Users\abc\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\Guest\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [x]
HKU\Guest\...\Run: [Facebook Update] "C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-05-27] (Facebook Inc.)
HKU\abc\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-20] (BitTorrent, Inc.)
HKU\abc\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\abc\...\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI [2275328 2008-06-09] (MicroSmarts LLC.)
HKU\abc\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\abc\...\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini [112400 2011-09-13] (www.motioninjoy.com)
HKU\abc\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\abc\...\Run: [Akamai NetSession Interface] "C:\Users\abc\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\abc\...\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [620376 2011-12-29] (IObit)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\abc\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
ShortcutTarget: Creative Element Power Tools Startup.lnk -> C:\Program Files\Creative Element Power Tools\Startup.exe (Creative Element)
Startup: C:\Users\abc\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
================================ Services (Whitelisted) ==================
2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [497496 2011-12-29] (IObit)
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [33560 2010-02-22] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [810120 2010-02-22] (ESET)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-10] ()
2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [363336 2011-11-15] (AnchorFree Inc.)
3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-10] ()
2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-04-02] ()
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 npggsvc; C:\windows\system32\GameMon.des -service [3957088 2012-04-09] (INCA Internet Co., Ltd.)
2 nPStarterSVC; C:\windows\system32\nPStarterSVC.exe [250145 2010-05-25] (INCA Internet Co., Ltd.)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
2 pcapsvc; "C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe" [1372160 2012-02-17] (Proxy Labs)
2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [75064 2010-07-23] ()
2 PnkBstrB; C:\windows\system32\PnkBstrB.exe [214816 2010-08-04] ()
2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-07] ()
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-28] (Skype Technologies)
2 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe" [1528672 2012-05-29] (TuneUp Software)
2 VMnetDHCP; C:\windows\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.)
2 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [563760 2010-01-22] (VMware, Inc.)
2 VMware NAT Service; C:\windows\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.)
2 Akamai; c:\program files\common files\akamai/netsession_win_80c2ffa.dll [x]
2 AMService; C:\windows\TEMP\eulejr\setup.exe run [x]
2 datunidr; C:\Windows\System32\dlaboiom.dll [x]
2 hpqcxs08; C:\Windows\System32\odserv.dll [x]
2 imagedrv; C:\Windows\System32\wstcodec.dll [x]
2 irmon; C:\Windows\System32\vrmonsvc.dll [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
3 ufad-ws60; "C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml [x]
2 VMAuthdService; "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" [x]
========================== Drivers (Whitelisted) =============
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-02-08] (DT Soft Ltd)
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133512 2010-02-22] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [114984 2010-02-22] (ESET)
2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96896 2010-02-22] (ESET)
2 hcmon; \??\C:\windows\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.)
3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [37376 2012-04-11] (AnchorFree Inc.)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [127488 2010-03-14] (Intel(R) Corporation)
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-11-11] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-11-11] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-11-11] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-11] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-11] (McAfee, Inc.)
3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [81168 2011-01-01] (MotioninJoy)
3 msfilter; C:\Windows\System32\drivers\msfilter.sys [20864 2010-04-13] ()
2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 NPIDS; \??\C:\windows\system32\NpIdsVt.sys [47712 2010-05-13] (INCA Internet Co., Ltd.)
3 NPPTNT2; \??\C:\windows\system32\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
3 PnkBstrK; \??\C:\windows\system32\drivers\PnkBstrK.sys [138328 2010-08-04] ()
3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2009-01-18] (Beyond Logic http://www.beyondlogic.org)
1 SABI; \??\C:\windows\system32\Drivers\SABI.sys [10752 2009-05-27] (SAMSUNG ELECTRONICS)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2010-11-26] ()
3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-04-06] (AnchorFree Inc)
3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
2 vmci; \??\C:\windows\system32\Drivers\vmci.sys [70704 2010-01-22] (VMware, Inc.)
3 vmkbd; \??\C:\windows\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36400 2010-01-22] (VMware, Inc.)
2 VMnetuserif; \??\C:\windows\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.)
3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2010-01-22] (VMware, Inc.)
2 vmx86; \??\C:\windows\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.)
2 windrvNT; \??\C:\windows\system32\windrvNT.sys [35363 2010-07-14] ()
2 WinFLdrv; C:\Windows\System32\WinFLdrv.sys [17984 2010-07-14] ()
3 WinVd32; \??\C:\windows\system32\WinVd32.sys [180224 2010-07-14] ()
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [322336 2010-02-15] (Marvell)
3 ALSysIO; \??\C:\Users\abc\AppData\Local\Temp\ALSysIO.sys [x]
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [x]
3 EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys [x]
3 EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys [x]
2 vstor2-ws60; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [x]
3 vtany; \??\C:\windows\vtany.sys [x]
3 XDva346; \??\C:\windows\system32\XDva346.sys [x]
3 XDva347; \??\C:\windows\system32\XDva347.sys [x]
3 XDva349; \??\C:\windows\system32\XDva349.sys [x]
3 XDva370; \??\C:\windows\system32\XDva370.sys [x]
3 XDva375; \??\C:\windows\system32\XDva375.sys [x]
3 XDva380; \??\C:\windows\system32\XDva380.sys [x]
3 XDva385; \??\C:\windows\system32\XDva385.sys [x]
3 XDva387; \??\C:\windows\system32\XDva387.sys [x]
3 XDva388; \??\C:\windows\system32\XDva388.sys [x]
3 XDva389; \??\C:\windows\system32\XDva389.sys [x]
3 XDva390; \??\C:\windows\system32\XDva390.sys [x]
3 XDva391; \??\C:\windows\system32\XDva391.sys [x]
3 XDva393; \??\C:\windows\system32\XDva393.sys [x]
3 XDva394; \??\C:\windows\system32\XDva394.sys [x]
3 xhunter1; \??\C:\windows\xhunter1.sys [x]
========================== NetSvcs (Whitelisted) ===========
NETSVC: imagedrv -> C:\Windows\system32\wstcodec.dll ==> No File.
NETSVC: tmactmon -> No Registry Path.
NETSVC: SE2Bbus -> No Registry Path.
NETSVC: epgspooler -> No Registry Path.
NETSVC: awlegacy -> No Registry Path.
NETSVC: GENERICDRV -> No Registry Path.
NETSVC: icdsptsv -> No Registry Path.
NETSVC: lyncusbserv -> No Registry Path.
NETSVC: WD_FireWire_HID -> No Registry Path.
NETSVC: STV680 -> No Registry Path.
NETSVC: ScFBPNT2 -> No Registry Path.
NETSVC: tbaspi -> No Registry Path.
NETSVC: lxce_device -> No Registry Path.
NETSVC: vetfddnt -> No Registry Path.
NETSVC: zebrsce -> No Registry Path.
NETSVC: oracle_load_balancer_60_server-forms6ip14 -> No Registry Path.
NETSVC: bmwebcfg -> No Registry Path.
NETSVC: grmnusb -> No Registry Path.
NETSVC: elagopro -> No Registry Path.
NETSVC: SQTECH905C -> No Registry Path.
NETSVC: iviVD -> No Registry Path.
NETSVC: s117mdm -> No Registry Path.
NETSVC: modemcsa -> No Registry Path.
NETSVC: dlbx_device -> No Registry Path.
NETSVC: basic2 -> No Registry Path.
NETSVC: hpqcxs08 -> C:\Windows\system32\odserv.dll ==> No File.
NETSVC: CiscoVpnInstallService -> No Registry Path.
NETSVC: djsnetcn -> No Registry Path.
NETSVC: NWADI -> No Registry Path.
NETSVC: datunidr -> C:\Windows\system32\dlaboiom.dll ==> No File.
 
============ One Month Created Files and Folders ==============
2012-07-07 17:11 - 2012-07-07 17:11 - 00607260 ____R (Swearware) C:\Users\abc\Desktop\dds.scr
2012-07-07 17:09 - 2012-07-07 17:09 - 00000593 ____A C:\Users\abc\Desktop\gmer.log
2012-07-07 16:54 - 2012-07-07 16:54 - 00302592 ____A C:\Users\abc\Desktop\pojybror.exe
2012-07-07 16:23 - 2012-07-07 16:23 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 16:23 - 2012-07-07 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-07 16:23 - 2012-04-04 06:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-07 16:21 - 2012-07-07 16:22 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\abc\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-07 15:23 - 2011-02-07 09:15 - 323022919 ____A C:\Users\abc\Desktop\Full.House.E08.2004.iCEDRAMA.480p.Lynx.877593B9.mkv
2012-07-07 15:06 - 2012-07-07 15:10 - 68798269 ____A C:\Users\abc\Downloads\Full.House.E09.2004.iCEDRAMA.480p.Lynx.zip.002
2012-07-07 15:05 - 2012-07-07 15:14 - 209715200 ____A C:\Users\abc\Downloads\Full.House.E09.2004.iCEDRAMA.480p.Lynx.zip.001
2012-07-07 11:50 - 2012-07-07 12:41 - 00000253 ____A C:\Users\abc\Desktop\FSS.txt
2012-07-07 11:49 - 2012-07-07 11:49 - 00341299 ____A C:\Users\abc\Downloads\FSS.exe
2012-07-07 11:39 - 2012-07-07 11:39 - 00003352 ____N C:\bootsqm.dat
2012-07-06 14:34 - 2012-07-06 14:34 - 00000000 ___HD C:\Windows\PIF
2012-07-05 08:47 - 2012-07-05 08:47 - 00000000 ____D C:\Users\abc\AppData\Local\{437C7BAC-6C4E-44FF-A0C1-3874E0050487}
2012-07-05 08:47 - 2012-07-05 08:47 - 00000000 ____D C:\Users\abc\AppData\Local\{316DE079-8561-41E8-8C6B-8D0538722CA4}
2012-07-03 07:02 - 2012-07-03 07:02 - 00000000 ____D C:\Users\abc\AppData\Local\{FA1BF6D0-9FD7-4F1C-B559-3858C8234786}
2012-07-03 07:01 - 2012-07-03 07:02 - 00000000 ____D C:\Users\abc\AppData\Local\{053E49F7-DCA3-4683-84D4-D75CB5FE5CAF}
2012-07-03 06:05 - 2012-07-03 06:05 - 00000000 ____D C:\Users\abc\AppData\Local\Macromedia
2012-07-03 03:00 - 2012-07-03 03:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-02 22:50 - 2012-07-02 22:50 - 00000000 ____D C:\Users\abc\AppData\Local\{07A7090A-D502-484D-B74C-B8EA458005EA}
2012-07-02 22:49 - 2012-07-02 22:50 - 00000000 ____D C:\Users\abc\AppData\Local\{DCB51446-C936-454A-9C19-10E677B52B6B}
2012-07-01 16:50 - 2012-07-01 16:50 - 00000000 ____D C:\Users\abc\AppData\Local\{FD5DA32B-0CEC-440A-8A3F-C2E4218072BF}
2012-06-30 07:55 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-30 07:55 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-30 07:55 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-30 07:55 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-30 07:55 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-30 07:55 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-30 07:55 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-30 07:54 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-30 07:54 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-30 07:54 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-30 07:54 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-30 07:54 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-30 07:54 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-30 07:54 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-30 07:44 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-30 07:44 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-30 07:44 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-30 07:44 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-30 07:44 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-30 07:44 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-30 07:44 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-30 07:44 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-30 07:44 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-30 07:44 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-30 07:44 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-06-30 07:44 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-30 07:44 - 2012-03-30 02:23 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-30 07:44 - 2012-03-16 23:27 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-30 07:43 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-30 07:41 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-30 07:33 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-30 07:33 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-30 07:33 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-30 07:33 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-30 07:33 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-30 07:33 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-30 07:33 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-30 07:32 - 2012-06-02 06:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-30 07:32 - 2012-06-02 06:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-29 23:37 - 2012-06-29 23:37 - 00000048 ____A C:\Users\abc\Desktop\c.txt
2012-06-29 22:17 - 2012-06-29 22:17 - 00000000 ____D C:\Users\abc\AppData\Local\{5B5F745D-F506-45A5-B610-F2CA95822EB5}
2012-06-28 21:32 - 2012-06-28 21:32 - 00000000 ____D C:\Users\abc\AppData\Local\{831F87B7-737E-4174-8957-42C378BC2C7D}
2012-06-28 21:31 - 2012-06-28 21:32 - 00000000 ____D C:\Users\abc\AppData\Local\{98CBB1B6-D6DC-4A2E-9598-58B2AE521D81}
2012-06-28 12:23 - 2012-06-28 12:23 - 00000000 ____D C:\Users\abc\AppData\Local\{1EBE06BA-4C6B-4B63-8AC3-96C7F1A85EDC}
2012-06-27 10:27 - 2012-06-27 10:27 - 00000000 ____D C:\Users\abc\AppData\Local\{23FC9A10-8B9A-49CA-ADA3-4AD0954EC106}
2012-06-26 16:59 - 2012-06-26 16:59 - 00000000 ____D C:\Users\abc\AppData\Local\{B373A2AF-03E3-4078-B7EE-C10686B1B56A}
2012-06-26 16:59 - 2012-06-26 16:59 - 00000000 ____D C:\Users\abc\AppData\Local\{946E2F39-B6B2-4113-AB69-EC73492B5F00}
2012-06-26 16:56 - 2012-06-26 16:56 - 00000000 ____A C:\Windows\System32\cd.dat
2012-06-26 16:55 - 2012-06-26 16:55 - 00146152 ____A C:\Windows\Minidump\062712-23181-01.dmp
2012-06-26 07:37 - 2012-06-26 07:37 - 00000000 ____D C:\Users\abc\AppData\Local\{AA99DCDC-F31E-4517-8B12-F1F1F9CA711A}
2012-06-26 06:16 - 2012-06-26 06:16 - 00000000 ____D C:\Users\abc\AppData\Local\{7B18988A-BA62-49F2-8558-FCF0D21B6D5E}
2012-06-25 10:23 - 2012-06-25 10:23 - 00000000 ____D C:\Users\abc\AppData\Local\{083F5444-EFCF-48D2-8EBF-4AB54A617A6B}
2012-06-24 02:54 - 2012-06-24 02:54 - 00011109 ____A C:\Users\Guest\Downloads\veselie_kanikuly_[tfile.ru].avi.torrent
2012-06-23 13:45 - 2012-06-23 15:28 - 00000000 ____D C:\Users\Guest\Desktop\New folder
2012-06-23 02:38 - 2012-06-23 02:38 - 00000000 ____D C:\Users\abc\AppData\Local\{F3EE9F65-412A-4A67-AF00-60817FFFBD44}
2012-06-23 02:38 - 2012-06-23 02:38 - 00000000 ____D C:\Users\abc\AppData\Local\{64DAE847-1049-4A5E-ABC9-A95F099CFA88}
2012-06-23 01:11 - 2012-06-23 01:11 - 00000000 ____D C:\Users\Guest\AppData\Local\Macromedia
2012-06-22 23:02 - 2012-06-22 23:02 - 00000000 ____D C:\Users\abc\AppData\Local\{A71CED70-26CC-4A81-BFAD-BE70695370BC}
2012-06-22 15:43 - 2012-06-22 15:43 - 00000000 ____D C:\Users\abc\AppData\Local\{DED5C935-8FE9-4B33-B3F3-1EC0E27DBD42}
2012-06-22 15:43 - 2012-06-22 15:43 - 00000000 ____D C:\Users\abc\AppData\Local\{26E1E661-4032-4091-A817-EDCB4B9263EF}
2012-06-21 21:38 - 2012-06-21 21:38 - 00000000 ____D C:\Users\abc\AppData\Local\{182ECDEB-6309-4641-B1FE-8AC0511C2B60}
2012-06-20 06:00 - 2012-06-20 06:00 - 00000000 ____D C:\Users\abc\AppData\Local\{74828AD5-A6A9-4FBB-ACA0-087501851773}
2012-06-20 06:00 - 2012-06-20 06:00 - 00000000 ____D C:\Users\abc\AppData\Local\{0B080FC6-3815-4637-B2E9-B84D1B266162}
2012-06-20 05:58 - 2012-03-08 09:32 - 00039272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-06-20 05:22 - 2012-06-20 05:22 - 00000000 ____D C:\Users\abc\AppData\Local\{CD08AEBB-797B-4030-B463-D7F5BD18678F}
2012-06-20 05:22 - 2012-06-20 05:22 - 00000000 ____D C:\Users\abc\AppData\Local\{C1E36BE1-CFF8-43E0-B49D-28F250BDF07C}
2012-06-20 04:26 - 2012-06-20 04:26 - 00000000 ____D C:\Users\abc\AppData\Local\{5026640F-C7AB-4897-A836-D9F90B8AB64F}
2012-06-20 04:25 - 2012-06-20 04:26 - 00000000 ____D C:\Users\abc\AppData\Local\{FBE1DCF6-C9DD-4A98-8FCD-4B7876FEFDA4}
2012-06-19 13:44 - 2012-06-19 13:44 - 00000000 ____D C:\Users\Guest\AppData\Local\ESET
2012-06-19 01:02 - 2012-06-19 01:03 - 00000000 ____D C:\Users\abc\AppData\Local\{9A00AFC4-B8F8-4CD0-AF48-1D656BC687C3}
2012-06-18 12:59 - 2012-06-19 01:02 - 00000000 ____D C:\Users\abc\AppData\Local\{001B426A-7AEE-464F-9187-771967E1F799}
2012-06-17 15:09 - 2012-06-17 15:09 - 00031502 ____A C:\Users\abc\Downloads\f18t64p389n1.rar
2012-06-17 15:07 - 2012-06-17 15:07 - 00053856 ____A C:\Users\abc\Downloads\KSSN Pack 1 By KssnGiver.rar
2012-06-17 14:57 - 2012-06-17 14:57 - 00000000 ____D C:\Program Files\INFovine
2012-06-17 14:57 - 2011-12-27 00:59 - 00056288 ____A ((?)????) C:\Windows\System32\VineTransfer.ocx
2012-06-17 14:57 - 2011-12-27 00:59 - 00048104 ____A ((?)????) C:\Windows\System32\UbiKeyUninstall.exe
2012-06-17 14:57 - 2011-12-27 00:59 - 00039904 ____A ((?)????) C:\Windows\System32\UbiKeyWin32.dll
2012-06-17 14:57 - 2011-12-27 00:59 - 00039896 ____A ((?)????) C:\Windows\System32\UbiKey.dll
2012-06-17 14:56 - 2012-06-17 14:56 - 00000000 ____D C:\Program Files\DreamSecurity
2012-06-17 13:29 - 2012-06-17 13:29 - 00000000 ____D C:\Users\abc\AppData\Roaming\com.tfhz.air.player
2012-06-17 13:28 - 2012-06-17 13:28 - 02544688 ____A (NCsoft Corporation) C:\Users\abc\Downloads\nclauncher_FULL_20120607 (1).exe
2012-06-16 09:34 - 2012-06-16 09:35 - 00000000 ____D C:\Users\abc\Downloads\delICEr
2012-06-15 07:47 - 2012-06-17 10:34 - 00000000 ____D C:\Users\abc\AppData\Local\{1B5AEE4B-1589-4550-89DF-D0F2B07DFE78}
2012-06-13 23:42 - 2012-06-13 23:42 - 02544688 ____A (NCsoft Corporation) C:\Users\abc\Downloads\nclauncher_FULL_20120607.exe
2012-06-13 17:55 - 2012-06-13 17:55 - 00000000 ____D C:\Program Files\TuneUp Utilities 2012
2012-06-13 17:48 - 2012-06-13 17:48 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-13 17:47 - 2012-06-13 17:47 - 38136752 ____A (TuneUp Software) C:\Users\abc\Downloads\TuneUpUtilities2012_en-US.exe
2012-06-13 17:34 - 2012-06-13 17:34 - 00000000 ____D C:\Users\abc\AppData\Roaming\Wireshark
2012-06-13 17:01 - 2012-06-13 17:01 - 00000000 ____D C:\Program Files\WinPcap
2012-06-13 17:00 - 2012-06-13 17:01 - 00000000 ____D C:\Program Files\Wireshark
2012-06-13 16:58 - 2012-06-13 16:59 - 19599159 ____A (Wireshark development team) C:\Users\abc\Downloads\wireshark-win32-1.6.8.exe
2012-06-12 14:56 - 2012-06-12 14:56 - 00019529 ____A C:\Users\abc\Downloads\[BakaBT.165705v0] [Commie] Zero no Tsukaima F.torrent
2012-06-12 02:09 - 2012-06-12 02:09 - 00000000 ____D C:\Users\abc\AppData\Local\{AC738615-5F55-4994-A8D8-4E64DFB1ED24}
2012-06-12 02:09 - 2012-06-12 02:09 - 00000000 ____D C:\Users\abc\AppData\Local\{9C345C14-32FA-44E3-BF0E-217C3AE8C6CC}
2012-06-11 14:44 - 2012-06-11 14:44 - 00000000 ____D C:\Program Files\LAV Filters
2012-06-11 14:43 - 2012-06-11 14:43 - 06580237 ____A (1f0.de ) C:\Users\abc\Downloads\LAVFilters-0.50.5.exe
2012-06-11 01:42 - 2012-06-11 01:42 - 00023001 ____A C:\Users\abc\Downloads\%5BFinal8%5DIsekai+no+Seikishi+Monogatari+-+01-13%28BD+10-bit+1280x720+x264+AAC%29.torrent
2012-06-10 21:10 - 2012-06-10 21:10 - 00000000 ____D C:\Users\abc\AppData\Local\{EEE1F929-149C-4197-9551-0DCD26AFF15A}
2012-06-10 21:10 - 2012-06-10 21:10 - 00000000 ____D C:\Users\abc\AppData\Local\{9DE28C6D-38B1-4CF4-B354-1FDFCA67155E}
2012-06-10 13:37 - 2012-06-10 13:37 - 00000000 ____D C:\Users\abc\AppData\Local\{721354D2-2844-42D0-AB31-F4435C2B4B6C}
2012-06-10 13:37 - 2012-06-10 13:37 - 00000000 ____D C:\Users\abc\AppData\Local\{2B1FCF07-2BA9-48F7-937A-BA79C80D5F0C}
2012-06-08 14:17 - 2012-06-08 14:17 - 00000000 ____D C:\Users\abc\AppData\Local\{F505F31F-871D-4563-AA90-5B4AAEC2D2CD}
2012-06-08 14:17 - 2012-06-08 14:17 - 00000000 ____D C:\Users\abc\AppData\Local\{383066ED-5FD6-4ECE-A5F7-03F80D401E85}
2012-06-08 14:11 - 2012-06-08 14:11 - 00000000 ____D C:\Users\abc\AppData\Local\{D1161B74-82AA-4EB7-ADEA-50FC78833B4A}
2012-06-08 14:11 - 2012-06-08 14:11 - 00000000 ____D C:\Users\abc\AppData\Local\{454C83E5-0F38-41A0-9548-B6D0605C4BFE}
2012-06-08 13:58 - 2012-06-08 13:58 - 00000000 ____D C:\Users\abc\AppData\Local\{97E292A8-00D6-4ECB-8568-04970597C97D}
2012-06-08 13:58 - 2012-06-08 13:58 - 00000000 ____D C:\Users\abc\AppData\Local\{8BFAF051-4738-4C2A-8A29-31633EE205B5}
2012-06-08 12:18 - 2012-06-08 12:18 - 00031953 ____A C:\Users\abc\Downloads\[BakaBT.148053v0] Majin Tantei Nougami Neuro [720p H264] - [Catchphrase - Ainex].torrent
2012-06-08 12:12 - 2012-06-08 12:12 - 00000000 ____D C:\Users\abc\AppData\Local\{3A2799F4-FCD9-4372-B274-679E7FD6F794}
2012-06-08 12:11 - 2012-06-08 12:12 - 00000000 ____D C:\Users\abc\AppData\Local\{DB2E92B5-0176-4183-B287-33DB674CEE41}
2012-06-08 12:09 - 2012-06-08 12:09 - 00000000 ____D C:\Users\abc\AppData\Local\{D704EFE8-56E5-4DC4-91CF-90A64F5E5987}
2012-06-08 12:09 - 2012-06-08 12:09 - 00000000 ____D C:\Users\abc\AppData\Local\{02E8258D-CB0C-4C4C-9F68-F132F94C2BE0}
2012-06-08 07:47 - 2012-06-08 07:47 - 00000000 ____D C:\Users\abc\AppData\Local\{1AE509B9-4C77-45DF-8874-2AB4CAEB81B9}
2012-06-08 07:47 - 2012-06-08 07:47 - 00000000 ____D C:\Users\abc\AppData\Local\{0958F1D1-B5BD-47B3-B747-2518DDEA05DB}
2012-06-08 07:28 - 2012-06-28 19:20 - 00000205 ____A C:\Users\abc\Desktop\a.txt
2012-06-08 06:56 - 2012-06-08 06:56 - 00032467 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 12 [BD 1920x1080 H264 FLAC] [2A95B660].mkv.torrent
2012-06-08 06:55 - 2012-06-08 06:55 - 00034407 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 11 [BD 1920x1080 H264 FLAC] [14787537].mkv.torrent
2012-06-08 06:55 - 2012-06-08 06:55 - 00027767 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 10 [BD 1920x1080 H264 FLAC] [1425D434].mkv.torrent
2012-06-08 06:54 - 2012-06-08 06:54 - 00035267 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 08 [BD 1920x1080 H264 FLAC] [04A58265].mkv.torrent
2012-06-08 06:54 - 2012-06-08 06:54 - 00030547 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 09 [BD 1920x1080 H264 FLAC] [08E480C1].mkv.torrent
2012-06-08 06:53 - 2012-06-08 06:53 - 00028003 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 05 [BD 1280x720 H264 AAC] [CE8E5D1D].mkv.torrent

============ 3 Months Modified Files ========================
2012-07-07 17:59 - 2010-03-24 10:31 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-07 17:45 - 2009-12-04 18:40 - 01913216 ____A C:\Windows\WindowsUpdate.log
2012-07-07 17:38 - 2009-07-13 20:34 - 00014736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-07 17:38 - 2009-07-13 20:34 - 00014736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-07 17:34 - 2012-03-30 17:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-07 17:11 - 2012-07-07 17:11 - 00607260 ____R (Swearware) C:\Users\abc\Desktop\dds.scr
2012-07-07 17:09 - 2012-07-07 17:09 - 00000593 ____A C:\Users\abc\Desktop\gmer.log
2012-07-07 17:06 - 2010-06-26 12:14 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001UA.job
2012-07-07 16:54 - 2012-07-07 16:54 - 00302592 ____A C:\Users\abc\Desktop\pojybror.exe
2012-07-07 16:47 - 2012-01-24 19:23 - 00077908 ____A C:\Windows\PFRO.log
2012-07-07 16:47 - 2012-01-24 19:12 - 00032360 ____A C:\Windows\setupact.log
2012-07-07 16:47 - 2010-07-14 22:33 - 00001040 ____A C:\sccfg.sys
2012-07-07 16:47 - 2010-03-24 10:31 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-07 16:47 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-07 16:28 - 2012-06-07 08:36 - 00000287 ____A C:\Users\abc\Desktop\e.txt
2012-07-07 16:23 - 2012-07-07 16:23 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 16:22 - 2012-07-07 16:21 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\abc\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-07 15:14 - 2012-07-07 15:05 - 209715200 ____A C:\Users\abc\Downloads\Full.House.E09.2004.iCEDRAMA.480p.Lynx.zip.001
2012-07-07 15:10 - 2012-07-07 15:06 - 68798269 ____A C:\Users\abc\Downloads\Full.House.E09.2004.iCEDRAMA.480p.Lynx.zip.002
2012-07-07 12:41 - 2012-07-07 11:50 - 00000253 ____A C:\Users\abc\Desktop\FSS.txt
2012-07-07 11:49 - 2012-07-07 11:49 - 00341299 ____A C:\Users\abc\Downloads\FSS.exe
2012-07-07 11:39 - 2012-07-07 11:39 - 00003352 ____N C:\bootsqm.dat
2012-07-07 10:47 - 2012-05-14 21:51 - 60817408 ____A C:\Windows\System32\config\software.iobit
2012-07-07 10:47 - 2012-05-14 21:51 - 19804160 ____A C:\Windows\System32\config\system.iobit
2012-07-07 10:47 - 2012-05-14 21:51 - 00720896 ____A C:\Windows\System32\config\default.iobit
2012-07-07 10:47 - 2012-05-14 21:51 - 00032768 ____A C:\Windows\System32\config\security.iobit
2012-07-07 10:47 - 2012-05-14 21:51 - 00028672 ____A C:\Windows\System32\config\sam.iobit
2012-07-07 10:40 - 2009-07-26 12:06 - 00796888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-07 10:34 - 2009-07-13 20:53 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-07 00:31 - 2010-06-26 12:14 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001Core.job
2012-07-02 22:31 - 2009-07-13 20:33 - 03784248 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-30 08:04 - 2009-07-13 18:04 - 00000510 ____A C:\Windows\win.ini
2012-06-29 23:37 - 2012-06-29 23:37 - 00000048 ____A C:\Users\abc\Desktop\c.txt
2012-06-28 19:20 - 2012-06-08 07:28 - 00000205 ____A C:\Users\abc\Desktop\a.txt
2012-06-26 16:56 - 2012-06-26 16:56 - 00000000 ____A C:\Windows\System32\cd.dat
2012-06-26 16:55 - 2012-06-26 16:55 - 00146152 ____A C:\Windows\Minidump\062712-23181-01.dmp
2012-06-24 02:54 - 2012-06-24 02:54 - 00011109 ____A C:\Users\Guest\Downloads\veselie_kanikuly_[tfile.ru].avi.torrent
2012-06-22 15:37 - 2012-03-30 17:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-22 15:37 - 2011-09-03 18:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-17 15:09 - 2012-06-17 15:09 - 00031502 ____A C:\Users\abc\Downloads\f18t64p389n1.rar
2012-06-17 15:07 - 2012-06-17 15:07 - 00053856 ____A C:\Users\abc\Downloads\KSSN Pack 1 By KssnGiver.rar
2012-06-17 13:28 - 2012-06-17 13:28 - 02544688 ____A (NCsoft Corporation) C:\Users\abc\Downloads\nclauncher_FULL_20120607 (1).exe
2012-06-15 14:12 - 2012-04-27 17:02 - 00000621 ____A C:\Users\abc\Last session abc.prj
2012-06-13 23:42 - 2012-06-13 23:42 - 02544688 ____A (NCsoft Corporation) C:\Users\abc\Downloads\nclauncher_FULL_20120607.exe
2012-06-13 17:47 - 2012-06-13 17:47 - 38136752 ____A (TuneUp Software) C:\Users\abc\Downloads\TuneUpUtilities2012_en-US.exe
2012-06-13 16:59 - 2012-06-13 16:58 - 19599159 ____A (Wireshark development team) C:\Users\abc\Downloads\wireshark-win32-1.6.8.exe
2012-06-12 14:56 - 2012-06-12 14:56 - 00019529 ____A C:\Users\abc\Downloads\[BakaBT.165705v0] [Commie] Zero no Tsukaima F.torrent
2012-06-11 14:43 - 2012-06-11 14:43 - 06580237 ____A (1f0.de ) C:\Users\abc\Downloads\LAVFilters-0.50.5.exe
2012-06-11 01:42 - 2012-06-11 01:42 - 00023001 ____A C:\Users\abc\Downloads\%5BFinal8%5DIsekai+no+Seikishi+Monogatari+-+01-13%28BD+10-bit+1280x720+x264+AAC%29.torrent
2012-06-08 12:18 - 2012-06-08 12:18 - 00031953 ____A C:\Users\abc\Downloads\[BakaBT.148053v0] Majin Tantei Nougami Neuro [720p H264] - [Catchphrase - Ainex].torrent
2012-06-08 06:56 - 2012-06-08 06:56 - 00032467 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 12 [BD 1920x1080 H264 FLAC] [2A95B660].mkv.torrent
2012-06-08 06:55 - 2012-06-08 06:55 - 00034407 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 11 [BD 1920x1080 H264 FLAC] [14787537].mkv.torrent
2012-06-08 06:55 - 2012-06-08 06:55 - 00027767 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 10 [BD 1920x1080 H264 FLAC] [1425D434].mkv.torrent
2012-06-08 06:54 - 2012-06-08 06:54 - 00035267 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 08 [BD 1920x1080 H264 FLAC] [04A58265].mkv.torrent
2012-06-08 06:54 - 2012-06-08 06:54 - 00030547 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 09 [BD 1920x1080 H264 FLAC] [08E480C1].mkv.torrent
2012-06-08 06:53 - 2012-06-08 06:53 - 00028003 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 05 [BD 1280x720 H264 AAC] [CE8E5D1D].mkv.torrent
2012-06-07 16:11 - 2012-06-07 16:11 - 00036227 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 07 [BD 1920x1080 H264 FLAC] [4334E9CE].mkv.torrent
2012-06-07 16:09 - 2012-06-07 16:09 - 00035767 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 06 [BD 1920x1080 H264 FLAC] [32785C71].mkv.torrent
2012-06-07 16:07 - 2012-06-07 16:07 - 00035947 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 05 [BD 1920x1080 H264 FLAC] [3339E03C].mkv.torrent
2012-06-07 16:04 - 2012-06-07 16:04 - 00018183 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 04 [BD 1920x1080 H264 FLAC] [2019D88A].mkv.torrent
2012-06-07 15:41 - 2012-06-07 15:41 - 00017963 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 03 [BD 1920x1080 H264 FLAC] [6879531B].mkv (1).torrent
2012-06-07 15:12 - 2012-06-07 14:56 - 98902081 ____A C:\Users\abc\Downloads\[Hiryuu]_Freezing_SP01_[BD_1280x720_H264_AAC]_[079A17CA].mkv
2012-06-07 14:49 - 2012-06-07 14:49 - 00017963 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 03 [BD 1920x1080 H264 FLAC] [6879531B].mkv.torrent
2012-06-07 14:46 - 2012-06-07 14:35 - 116039878 ____A C:\Users\abc\Downloads\[Hiryuu]_Freezing_SP02_[BD_1280x720_H264_AAC]_[24DD04E9].mkv
2012-06-07 14:29 - 2012-06-07 14:29 - 00015480 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing SP01 [BD 1280x720 H264 AAC] [079A17CA].mkv.torrent
2012-06-07 06:28 - 2012-06-07 06:28 - 00015760 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 02 [BD 1280x720 H264 AAC] [7462F0C4].mkv.torrent
2012-06-07 04:13 - 2012-06-07 04:13 - 00015988 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 01 [BD 1280x720 H264 AAC] [4B45F0E3].mkv [h33t].torrent
2012-06-07 04:11 - 2012-06-07 04:11 - 00015988 ____A C:\Users\abc\Downloads\[kat.ph]hiryuu.freezing.01.bd.1280x720.h264.aac.4b45f0e3.mkv.torrent
2012-06-07 04:11 - 2012-06-07 04:11 - 00015988 ____A C:\Users\abc\Downloads\[kat.ph]hiryuu.freezing.01.bd.1280x720.h264.aac.4b45f0e3.mkv (1).torrent
2012-06-07 03:50 - 2012-06-07 03:50 - 00015700 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 01 [BD 1280x720 H264 AAC] [4B45F0E3].mkv.torrent
2012-06-03 14:35 - 2010-03-26 20:09 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-30 07:33 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-30 07:33 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-30 07:33 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-30 07:33 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-30 07:33 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-30 07:33 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-30 07:33 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-30 07:32 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:12 - 2012-06-30 07:32 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 12:59 - 2012-06-01 11:06 - 00000616 ____A C:\Users\Guest\AppData\Roaming\Rim.Transcoder.Exception.log
2012-06-01 12:59 - 2012-06-01 11:06 - 00000616 ____A C:\Users\Guest\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-06-01 12:59 - 2012-06-01 11:06 - 00000231 ____A C:\Users\Guest\AppData\Roaming\Rim.Desktop.Exception.log
2012-06-01 12:42 - 2012-06-01 12:42 - 00000256 ____A C:\Windows\System32\pool.bin
2012-06-01 12:19 - 2012-06-01 11:04 - 00003156 ____A C:\Users\abc\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-06-01 11:10 - 2012-06-01 11:10 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_01007.Wdf
2012-06-01 11:05 - 2012-06-01 11:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_01007.Wdf
2012-05-29 11:46 - 2012-02-05 01:18 - 00021344 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll
2012-05-29 11:46 - 2011-07-03 15:03 - 00031584 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe
2012-05-27 10:20 - 2012-05-27 10:20 - 00493520 ____A (Facebook Inc.) C:\Users\Guest\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
2012-05-26 14:33 - 2012-05-26 14:33 - 00121512 ____A C:\Users\abc\Downloads\DB9208970943B9442F1EBD0FB4F6F25708E18AE9.torrent
2012-05-25 17:08 - 2012-05-25 17:08 - 00012510 ____A C:\Users\abc\Downloads\RustyHearts_PWE_Setup_20111107_v5.exe.torrent
2012-05-24 03:17 - 2012-05-24 03:17 - 00014748 ____A C:\Users\abc\Downloads\hana_yori_dango_final_2008_movie_sd[sars].avi.torrent
2012-05-23 16:24 - 2010-10-23 16:03 - 00008704 ____A C:\Users\abc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-22 04:39 - 2012-05-22 04:39 - 00020276 ____A C:\Users\abc\Downloads\[BakaBT.165741v2] Phi Brain - Kami no Puzzle.torrent
2012-05-22 03:39 - 2012-05-22 03:39 - 06290208 ____A C:\Users\abc\Downloads\HSS-2.53-install-anchorfree-247-conduit3.exe
2012-05-22 03:34 - 2012-05-22 03:34 - 00272200 ____A C:\Users\abc\Downloads\DM-247.exe
2012-05-22 03:21 - 2012-05-22 03:21 - 00674682 ____A C:\Users\abc\Downloads\vpnautoconnect.zip
2012-05-21 07:13 - 2012-05-21 07:13 - 02428210 ____A C:\Users\abc\Downloads\HideIPVPN-v1.0.0.4-install.exe
2012-05-17 15:11 - 2012-06-30 07:54 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-30 07:54 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-30 07:54 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-30 07:54 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-30 07:55 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:35 - 2012-06-30 07:54 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:33 - 2012-06-30 07:54 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-30 07:55 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-30 07:55 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:29 - 2012-06-30 07:54 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:27 - 2012-06-30 07:55 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-30 07:55 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-30 07:55 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-30 07:55 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-16 06:42 - 2012-05-16 06:42 - 00000981 ____A C:\Users\abc\Documents\ASPICHK_OLD.TXT
2012-05-16 00:44 - 2012-05-16 00:44 - 00073006 ____A C:\Windows\System32\plugins.bak
2012-05-15 21:31 - 2012-05-15 21:31 - 00015524 ____A C:\Users\abc\Downloads\[kat.ph]final.fantasy.viii.psx.torrent
2012-05-15 02:51 - 2012-05-15 02:51 - 00008523 ____A C:\Users\abc\Downloads\dsp.zip
2012-05-15 02:37 - 2012-05-15 02:37 - 04688861 ____A C:\Users\abc\Downloads\Dolphin-win-x86-v3.0-636.7z
2012-05-14 22:30 - 2012-05-14 22:30 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-14 22:30 - 2012-05-14 22:30 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-14 22:30 - 2012-05-14 22:30 - 00019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-14 22:30 - 2012-05-14 22:30 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-14 17:05 - 2012-06-30 07:43 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-08 00:44 - 2012-05-08 00:44 - 00046862 ____A C:\Users\abc\Downloads\[Exiled-Destiny]_Fruits_Basket.4372321.TPB.torrent
2012-05-08 00:32 - 2012-05-08 00:32 - 00046749 ____A C:\Users\abc\Downloads\[isoHunt] aec26d694efa50f15fdc0bb9584b6bf0ac44aeaa.torrent
2012-05-08 00:15 - 2012-05-08 00:15 - 00032643 ____A C:\Users\abc\Downloads\[a4e]Fruits_Basket_01-26.torrent
2012-05-06 13:34 - 2012-05-06 13:34 - 00019130 ____A C:\Users\abc\Downloads\[GotWoot] Mirai Nikki (complete).torrent
2012-05-04 01:59 - 2012-06-30 07:44 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-02 18:54 - 2012-05-02 18:54 - 00042392 ____A C:\Windows\System32\xfcodec.dll
2012-04-30 20:44 - 2012-06-30 07:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-30 07:44 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 17:10 - 2012-04-27 17:09 - 00718172 ____A C:\Users\abc\Downloads\Windows6.1-KB917607-x64.msu
2012-04-27 16:59 - 2012-04-27 16:59 - 01753837 ____A C:\Users\abc\Downloads\winhex.zip
2012-04-27 16:55 - 2012-04-24 23:38 - 00176502 ____A C:\Users\abc\Downloads\pso2_closedbeta_text.rar
2012-04-25 20:45 - 2012-06-30 07:44 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-30 07:44 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-30 07:44 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 23:33 - 2012-04-24 23:33 - 00001296 ____A C:\Users\abc\Desktop\PHANTASY STAR ONLINE 2.lnk
2012-04-24 21:41 - 2012-04-24 21:32 - 00001180 ____A C:\Users\abc\Desktop\Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP.lnk
2012-04-24 21:30 - 2012-04-24 21:29 - 04375552 ____A C:\Users\abc\Downloads\patch1.009.exe
2012-04-24 21:30 - 2012-04-24 21:29 - 04371876 ____A C:\Users\abc\Downloads\patch1.009_eng.exe
2012-04-24 21:27 - 2012-04-24 21:25 - 16186223 ____A (MicSoft) C:\Users\abc\Downloads\patch2.008.exe
2012-04-24 21:19 - 2012-04-24 21:19 - 01920968 ____A C:\Users\abc\Downloads\WindomXP v2.008 [Full-Eng][Spyral][13-02-2011].rar
2012-04-24 21:15 - 2012-04-24 21:15 - 01877806 ____A C:\Users\abc\Downloads\WindomXP v2.004 [Full-Eng][Spyral] 17-10-2010.rar
2012-04-23 20:36 - 2012-06-30 07:44 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-30 07:44 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-30 07:44 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-19 12:18 - 2012-04-19 12:18 - 00033005 ____A C:\Users\abc\Downloads\[Commie] Persona 4.torrent
2012-04-17 05:45 - 2012-04-17 05:45 - 00075250 ____A C:\Users\abc\Downloads\[a-S] Full Metal Panic! (01-24) (1080p).torrent
2012-04-16 12:12 - 2012-04-16 12:12 - 00002497 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-16 08:16 - 2012-04-16 08:15 - 00028614 ____A C:\Users\abc\Downloads\[BakaBT.149498v5] Skip Beat.torrent
2012-04-15 11:31 - 2012-04-15 11:31 - 00025427 ____A C:\Users\abc\Downloads\[BakaBT.163330v0] Angel Beats! [Doki] (Hi10P 720p).torrent
2012-04-11 07:40 - 2012-04-11 07:40 - 00037376 ____A (AnchorFree Inc.) C:\Windows\System32\Drivers\HssDrv.sys
2012-04-10 12:39 - 2012-04-10 12:39 - 00000000 ____A C:\Windows\System32\pcapsvc.log
ZeroAccess:
C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}
C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\@
C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\L
C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U
C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U\00000001.@
C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U\80000000.@
C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U\800000cb.@
ZeroAccess:
C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}
C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\@
C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\L
C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U
C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U\00000001.@
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 3004.61 MB
Available physical RAM: 2530.51 MB
Total Pagefile: 3000.82 MB
Available Pagefile: 2542.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:141.49 GB) (Free:8.85 GB) NTFS
2 Drive e: () (Fixed) (Total:141.5 GB) (Free:14.09 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:3.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (USB2) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3824 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 141 GB 15 GB
Partition 4 Primary 141 GB 156 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F RECOVERY NTFS Partition 15 GB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 141 GB Healthy
==================================================================================
Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 141 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3820 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H USB2 FAT32 Removable 3820 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-06-29 05:31
======================= End Of Log ==========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.
 
Farbar Recovery Scan Tool Version: 07-07-2012 03
Ran by SYSTEM at 2012-07-08 04:00:21
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
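
The Search.txt output above lists two copies of services.exe with the same size and timestamps but different MD5 values. As an added example (not part of the original thread and not FRST's own code), the Python below parses that two-line-per-file format and flags any live copy whose hash matches no WinSxS component-store copy; the function names are hypothetical and the line format is assumed from the two entries shown.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: the two entries from the Search.txt log posted above.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# Metadata line: [created] - [modified] - size attributes (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attr>\S+) "
    r"(?:\((?P<company>.*?)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Return one dict per file: a path line followed by its metadata line."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        match = META_RE.match(line)
        if match and pending_path:
            entry = match.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
        pending_path = None  # banners and unparsable lines reset the pairing
    return entries


def is_store_copy(path):
    """True for copies kept in the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def find_mismatches(entries):
    """Flag live files whose MD5 matches none of the store copies of that name."""
    groups = defaultdict(list)
    for entry in entries:
        groups[ntpath.basename(entry["path"]).lower()].append(entry)

    findings = []
    for group in groups.values():
        store = [e for e in group if is_store_copy(e["path"])]
        live = [e for e in group if not is_store_copy(e["path"])]
        store_md5 = {e["md5"] for e in store}
        for entry in live:
            if not store or entry["md5"] in store_md5:
                continue  # nothing to compare against, or hash is accounted for
            # Same size and timestamps as a store copy, yet a different hash,
            # shows that file metadata alone says nothing about integrity.
            key = (entry["size"], entry["created"], entry["modified"])
            same_meta = any(
                (s["size"], s["created"], s["modified"]) == key for s in store
            )
            findings.append({
                "path": entry["path"],
                "md5": entry["md5"],
                "store_md5": sorted(store_md5),
                "same_metadata_as_store": same_meta,
            })
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(parse_search(SEARCH_LOG)):
        print(finding)
```

A finding is a lead rather than proof: the component store can hold several versions of a file, which is why the check compares against every store copy, and the store copy itself deserves verification against a known-good source.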
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    507 bytes
Sorry ComboFix took some time to finish.



Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 07-07-2012 03
Ran by SYSTEM at 2012-07-08 04:38:41 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_USERS\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\frdepbt Value not found.
AMService service not found.
C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2} not found.
C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
ComboFix 12-07-07.04 - abc 08/07/2012 5:13.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3005.1899 [GMT 1:00]
Running from: c:\users\abc\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\programdata\DynuEncrypt.dll
c:\programdata\FullRemove.exe
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{10C15200-9989-4934-A35E-A6707EBBEB31}.xps
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{270E492D-F0B4-4CEB-AF8A-F2A167BEF76D}.xps
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{39B21D29-65DD-4C9C-A880-D7CB965C038A}.xps
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ACAC4B54-1EF8-47AC-BE36-C43A4841F30C}.xps
c:\users\Guest\AppData\Roaming\Ecyn
c:\users\Guest\AppData\Roaming\Ecyn\yryv.obb
c:\users\abc\AppData\Local\frdepbt.dat
c:\users\abc\AppData\Local\frdepbt_nav.dat
c:\users\abc\AppData\Local\frdepbt_navps.dat
c:\users\abc\AppData\Local\nffee.dat
c:\users\abc\AppData\Local\nffee_nav.dat
c:\users\abc\AppData\Local\nffee_navps.dat
c:\users\abc\AppData\Roaming\.#
c:\windows\$NtUninstallKB63888$
c:\windows\$NtUninstallKB63888$\2081425448
c:\windows\$NtUninstallKB63888$\671080047\@
c:\windows\$NtUninstallKB63888$\671080047\cfg.ini
c:\windows\$NtUninstallKB63888$\671080047\Desktop.ini
c:\windows\$NtUninstallKB63888$\671080047\L\xadqgnnk
c:\windows\$NtUninstallKB63888$\671080047\oemid
c:\windows\$NtUninstallKB63888$\671080047\U\00000001.@
c:\windows\$NtUninstallKB63888$\671080047\U\00000002.@
c:\windows\$NtUninstallKB63888$\671080047\U\00000004.@
c:\windows\$NtUninstallKB63888$\671080047\U\80000000.@
c:\windows\$NtUninstallKB63888$\671080047\U\80000004.@
c:\windows\$NtUninstallKB63888$\671080047\U\80000032.@
c:\windows\$NtUninstallKB63888$\671080047\version
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\uxt17B7.tmp
C:\Windupdt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 11:03 . 2012-07-08 11:03 -------- d-----w- C:\FRST
2012-07-08 04:31 . 2012-07-08 04:31 -------- d-----w- C:\microsoft
2012-07-08 04:29 . 2012-07-08 04:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-08 04:29 . 2012-07-08 04:34 -------- d-----w- c:\users\abc\AppData\Local\temp
2012-07-08 04:29 . 2012-07-08 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-08 04:11 . 2012-07-08 04:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B128E9C1-1546-4AB3-AC6D-E21DD62E0180}\offreg.dll
2012-07-08 00:23 . 2012-07-08 00:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 00:23 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-06 22:34 . 2012-07-06 22:34 -------- d--h--w- c:\windows\PIF
2012-07-03 14:05 . 2012-07-03 14:05 -------- d-----w- c:\users\abc\AppData\Local\Macromedia
2012-07-03 11:00 . 2012-07-03 11:00 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-30 16:11 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B128E9C1-1546-4AB3-AC6D-E21DD62E0180}\mpengine.dll
2012-06-30 15:55 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-30 15:55 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-30 15:55 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-30 15:55 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-06-30 15:55 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-30 15:55 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-30 15:54 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-06-30 15:54 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-30 15:54 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-30 15:54 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-30 15:54 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-30 15:43 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-30 15:41 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-06-30 15:33 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-30 15:33 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-30 15:33 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-30 15:33 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-30 15:33 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-30 15:33 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-30 15:33 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-30 15:32 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-30 15:32 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-30 13:03 . 2012-06-30 13:04 -------- d-----w- c:\program files\Core Temp
2012-06-23 09:11 . 2012-06-23 09:11 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia
2012-06-20 13:58 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-20 13:57 . 2012-06-20 13:57 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\93bc8c7c1cd4eec01\MeshBetaRemover.exe
2012-06-19 21:44 . 2012-06-19 21:44 -------- d-----w- c:\users\Guest\AppData\Local\ESET
2012-06-17 22:57 . 2012-06-17 22:57 -------- d-----w- c:\program files\INFovine
2012-06-17 22:57 . 2011-12-27 08:59 56288 ----a-w- c:\windows\system32\VineTransfer.ocx
2012-06-17 22:57 . 2011-12-27 08:59 48104 ----a-w- c:\windows\system32\UbiKeyUninstall.exe
2012-06-17 22:57 . 2011-12-27 08:59 39896 ----a-w- c:\windows\system32\UbiKey.dll
2012-06-17 22:57 . 2011-12-27 08:59 39904 ----a-w- c:\windows\system32\UbiKeyWin32.dll
2012-06-17 22:56 . 2012-06-17 22:56 -------- d-----w- c:\program files\DreamSecurity
2012-06-17 21:29 . 2012-06-17 21:29 -------- d-----w- c:\users\abc\AppData\Roaming\com.tfhz.air.player
2012-06-14 01:55 . 2012-06-14 01:55 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-06-14 01:48 . 2012-06-14 01:48 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-14 01:48 . 2012-06-14 01:48 -------- d--h--w- c:\programdata\Common Files
2012-06-14 01:34 . 2012-06-14 01:34 -------- d-----w- c:\users\abc\AppData\Roaming\Wireshark
2012-06-14 01:01 . 2012-06-14 01:01 -------- d-----w- c:\program files\WinPcap
2012-06-14 01:00 . 2012-06-14 01:01 -------- d-----w- c:\program files\Wireshark
2012-06-11 22:44 . 2012-06-11 22:44 -------- d-----w- c:\program files\LAV Filters
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 23:37 . 2012-03-31 01:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-22 23:37 . 2011-09-04 02:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-29 19:46 . 2011-07-03 23:03 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-05-29 19:46 . 2012-02-05 09:18 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-05-15 06:30 . 2012-05-15 06:30 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-15 06:30 . 2012-05-15 06:30 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-15 06:30 . 2012-05-15 06:30 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-15 06:30 . 2012-05-15 06:30 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-04-11 15:40 . 2012-04-11 15:40 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-04-09 21:34 . 2012-04-25 10:31 3957088 ----a-w- c:\windows\system32\GameMon.des
2010-05-07 20:13 . 2010-05-07 20:13 6 ----a-w- c:\program files\Common Files\UnInstallCompleted.tmp
2007-11-06 15:19 . 2011-12-13 07:16 1162744 ----a-w- c:\program files\opera\program\plugins\mfc90u.dll
2007-11-06 15:19 . 2011-12-13 07:16 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-06 15:19 . 2011-12-13 07:16 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
2011-10-11 22:51 . 2011-04-03 11:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\XfireXO\tbXfi0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-20 880496]
"SpeedItUpEX"="c:\program files\Speeditup Free\SpeedItUp.exe" [2008-06-09 2275328]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-09-14 112400]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Akamai NetSession Interface"="c:\users\abc\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
"fsn"="c:\program files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe" [2010-03-25 137792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-14 8120864]
"Xfire Music"="c:\program files\Xfire\xfiremusic.exe" [2006-11-21 253650]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"GamingMouse"="c:\program files\GamingMouse\hid.exe" [2010-07-16 240640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"ProxyCap"="c:\progra~1\PROXYL~1\ProxyCap\pcapui.exe" [2012-02-17 1441792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Creative Element Power Tools Startup.lnk - c:\program files\Creative Element Power Tools\Startup.exe [2011-2-2 265384]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-5-3 3553176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\abc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"RIMBBLaunchAgent.exe"=c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ALSysIO;ALSysIO;c:\users\abc\AppData\Local\Temp\ALSysIO.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 msfilter;Blaze Gaming Mouse;c:\windows\system32\drivers\msfilter.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NPIDS;NPIDS;c:\windows\system32\NpIdsVt.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
R3 XDva347;XDva347;c:\windows\system32\XDva347.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]
R3 XDva394;XDva394;c:\windows\system32\XDva394.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 nPStarterSVC;nProtect Starter;c:\windows\system32\nPStarterSVC.exe [x]
S2 pcapsvc;ProxyCap Service;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
imagedrv
tmactmon
SE2Bbus
epgspooler
awlegacy
GENERICDRV
icdsptsv
lyncusbserv
WD_FireWire_HID
STV680
ScFBPNT2
tbaspi
lxce_device
vetfddnt
zebrsce
oracle_load_balancer_60_server-forms6ip14
bmwebcfg
grmnusb
elagopro
SQTECH905C
iviVD
s117mdm
modemcsa
dlbx_device
basic2
hpqcxs08
CiscoVpnInstallService
djsnetcn
NWADI
datunidr
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:37]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 18:31]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 18:31]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001Core.job
- c:\users\abc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 03:48]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001UA.job
- c:\users\abc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 03:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ee/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = 219.223.252.137:1080
IE: Download All By FlashGet3 - c:\users\abc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\abc\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\abc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\abc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: pcapwsp.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: crunchyroll.com\www
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.254
DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://nprotect.plaync.co.kr/nProtect/netizen2007/ncsoft/npstarter.cab
DPF: {BCF0F4D5-A864-4B98-BD41-72AAF2680A0C} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/pcinfo/cab/pcCheck.cab
DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxp://auth.siren24.com/infovine/VineTransfer.cab
DPF: {C8223F3A-1420-4245-88F2-D874FC081574} - hxxps://auth.siren24.com/MagicLineMBX/lib/MagicLineMBX.cab
FF - ProfilePath - c:\users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\lplktduk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
FF - prefs.js: network.proxy.ftp - 202.158.150.175
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55111
FF - prefs.js: network.proxy.socks - 202.158.150.175
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 202.158.150.175
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2208)
c:\program files\Xfire\xfire_toucan_45547.dll
c:\program files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
c:\program files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\system32\conhost.exe
c:\program files\Proxy Labs\ProxyCap\pcapui.exe
c:\program files\Hotspot Shield\bin\openvpntray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-08 05:44:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-08 04:44
.
Pre-Run: 9,334,329,344 bytes free
Post-Run: 11,692,961,792 bytes free
.
- - End Of File - - 9A519CA9380AE9A9EC06D2604B8FA558
 
Looks good :)

Any current issues?

====================================

Uninstall Advanced SystemCare 5.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=================================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===========================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Yes, everything seems to work fine now. Firewall and Defender started working again and Sirefef is removed.
I shall uninstall Advanced System Care 5 as well, but I can't seem to be able to download OTL; the website doesn't load.
Going to post the MBAM log in a couple of minutes when it finishes scanning.

Thank you very much for your help!!
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
abc :: ABC-PC [administrator]

Protection: Enabled

08/07/2012 06:05:35
mbam-log-2012-07-08 (06-05-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237072
Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Thank you, link worked.
Here's the log:


OTL logfile created on: 7/8/2012 8:32:15 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\abc\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.21% Memory free
5.86 Gb Paging File | 4.23 Gb Available in Paging File | 72.10% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 12.78 Gb Free Space | 9.03% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 14.09 Gb Free Space | 9.96% Space Free | Partition Type: NTFS

Computer Name: ABC-PC | User Name: abc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/08 20:30:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\abc\Desktop\OTL.exe
PRC - [2012/05/29 20:46:48 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/05/29 20:46:46 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\abc\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/20 11:22:54 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/05/03 03:54:42 | 003,553,176 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2012/04/11 01:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2012/04/11 00:59:14 | 000,542,552 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/02 19:46:58 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2012/03/25 08:01:44 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\abc\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/02/17 14:15:02 | 001,441,792 | ---- | M] (Proxy Labs) -- C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe
PRC - [2012/02/17 14:15:00 | 001,372,160 | ---- | M] (Proxy Labs) -- C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
PRC - [2011/11/15 19:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011/09/14 08:22:36 | 000,112,400 | ---- | M] (www.motioninjoy.com) -- C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/16 16:37:58 | 000,240,640 | ---- | M] () -- C:\Program Files\GamingMouse\hid.exe
PRC - [2010/05/25 14:44:34 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npstartersvc.exe
PRC - [2010/05/25 14:43:52 | 000,213,279 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npnj5Agent.exe
PRC - [2010/02/22 16:50:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/02/22 16:49:56 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/01/22 22:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010/01/22 22:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/10/26 12:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/07 02:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2006/11/21 03:12:50 | 000,253,650 | ---- | M] () -- C:\Program Files\Xfire\xfiremusic.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/03 07:35:06 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/03 07:34:54 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/15 09:14:01 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/15 09:13:41 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/15 09:13:36 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/15 09:13:16 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/11 01:05:10 | 000,009,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012/04/11 01:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2011/10/14 21:54:53 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/08 16:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/16 16:37:58 | 000,240,640 | ---- | M] () -- C:\Program Files\GamingMouse\hid.exe
MOD - [2010/07/04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/11/21 03:12:50 | 000,253,650 | ---- | M] () -- C:\Program Files\Xfire\xfiremusic.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vrmonsvc.dll -- (irmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wstcodec.dll -- (imagedrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\odserv.dll -- (hpqcxs08)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlaboiom.dll -- (datunidr)
SRV - [2012/07/03 23:56:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/23 00:37:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/30 00:01:11 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/29 20:46:46 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/04/11 01:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/04/11 00:59:14 | 000,542,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/04/09 22:34:20 | 003,957,088 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/02 19:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/17 14:15:00 | 001,372,160 | ---- | M] (Proxy Labs) [Auto | Running] -- C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe -- (pcapsvc)
SRV - [2011/11/15 19:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/06/29 03:01:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/05/25 14:44:34 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Windows\System32\npstartersvc.exe -- (nPStarterSVC)
SRV - [2010/02/22 16:52:52 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/02/22 16:50:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/01/22 22:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/01/22 22:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva394.sys -- (XDva394)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva393.sys -- (XDva393)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva389.sys -- (XDva389)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva388.sys -- (XDva388)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva387.sys -- (XDva387)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva349.sys -- (XDva349)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva347.sys -- (XDva347)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva346.sys -- (XDva346)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\abc\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [File_System | System | Stopped] -- System32\Drivers\dfsc.sys -- (DfsC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\abc\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\abc\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012/05/08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/04/11 16:40:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012/04/06 19:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/07/01 10:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/03/23 17:20:32 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011/02/09 05:12:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/26 19:02:22 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/04 23:07:07 | 000,138,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/07/15 07:33:44 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)
DRV - [2010/07/15 07:17:22 | 000,180,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\WinVd32.sys -- (WinVd32)
DRV - [2010/07/15 07:17:15 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\windows\System32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/05/13 15:55:18 | 000,047,712 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\NPIdsVt.sys -- (NPIDS)
DRV - [2010/04/13 13:17:52 | 000,020,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msfilter.sys -- (msfilter)
DRV - [2010/03/15 08:44:48 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2010/02/22 16:51:16 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/02/22 16:50:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/02/22 16:47:22 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/02/15 10:24:00 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2010/01/22 22:14:16 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/01/22 22:14:14 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/01/22 22:14:12 | 000,854,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/01/22 22:14:12 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010/01/22 21:00:42 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/01/22 17:13:00 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/01/22 17:13:00 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2010/01/22 17:13:00 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/11/11 12:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 12:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 12:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 12:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 12:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/04/29 16:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009/01/18 18:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk)
DRV - [2005/01/03 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ee/
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...tEncoding}&oe={outputEncoding}&rlz=1I7SMSN_en
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.223.252.137:1080

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q="
FF - prefs.js..network.proxy.backup.ftp: "124.54.177.78"
FF - prefs.js..network.proxy.backup.ftp_port: 18080
FF - prefs.js..network.proxy.backup.socks: "124.54.177.78"
FF - prefs.js..network.proxy.backup.socks_port: 18080
FF - prefs.js..network.proxy.backup.ssl: "124.54.177.78"
FF - prefs.js..network.proxy.backup.ssl_port: 18080
FF - prefs.js..network.proxy.ftp: "202.158.150.175"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55111
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "202.158.150.175"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "202.158.150.175"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ncsoft.com/Plugin: C:\Program Files\plaync\NCPlugin\npncllm3.dll (NCsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files\INFovine\npVineTransfer.dll (INFOVINE)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\abc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\abc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\abc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files\INFovine\npVineTransfer.dll (INFOVINE)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/09/11 04:23:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/11 23:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/05 13:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/02 02:43:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2012/07/08 11:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/08 11:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/08 11:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/28 16:05:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\windows\vf_hip\ [2010/08/19 07:58:57 | 000,000,000 | ---D | M]

[2010/03/24 19:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abc\AppData\Roaming\mozilla\Extensions
[2012/07/08 04:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions
[2012/06/09 03:35:02 | 000,000,000 | ---D | M] (PermissionResearch) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7}
[2012/07/03 23:56:33 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/04/28 22:38:42 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/07/03 23:56:37 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/07/03 23:56:41 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2010/05/27 01:39:29 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2012/07/03 23:56:45 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/07/03 23:56:48 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2012/01/24 17:28:08 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\DTToolbar@toolbarnet.com
[2012/03/26 17:22:47 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\ffxtlbr@babylon.com
[2011/03/21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\lplktduk.default\searchplugins\conduit.xml
[2011/02/09 05:12:22 | 000,002,059 | ---- | M] () -- C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\lplktduk.default\searchplugins\daemon-search.xml
[2010/04/29 15:34:57 | 000,002,384 | ---- | M] () -- C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\lplktduk.default\searchplugins\Search Solver.xml
[2010/04/20 16:57:08 | 000,003,915 | ---- | M] () -- C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\lplktduk.default\searchplugins\sweetim.xml
[2012/03/05 04:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 18:47:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/02 23:01:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/14 23:52:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/02/27 12:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/05 13:05:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/07 00:28:48 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\abc\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPLKTDUK.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011/04/05 21:07:30 | 000,149,777 | ---- | M] () (No name found) -- C:\USERS\abc\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPLKTDUK.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2011/04/05 21:07:21 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\abc\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPLKTDUK.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/03/25 03:39:55 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\abc\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPLKTDUK.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011/10/11 23:51:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/27 12:11:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/16 21:15:58 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/10/06 10:40:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\mozilla firefox\plugins\npOGPPlugin.dll
[2011/05/26 20:40:54 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/11 23:51:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/12/13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
 
========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\abc\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\abc\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\abc\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\abc\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: OGPlanet Game Launcher Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGPPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: ncsoft login launcher module (Enabled) = C:\Program Files\plaync\NCPlugin\npncllm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npNxGame.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\abc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\windows\system32\npOGPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Collusion for Chrome = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\1.5.6_0\
CHR - Extension: AdBlock = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/08 05:32:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\abc\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [fsn] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe ()
O4 - HKLM..\Run: [GamingMouse] C:\Program Files\GamingMouse\hid.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ProxyCap] C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe (Proxy Labs)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe ()
O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [Akamai NetSession Interface] C:\Users\abc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe (MicroSmarts LLC.)
O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe (Creative Element)
O4 - Startup: C:\Users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\abc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\abc\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\abc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\abc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\windows\System32\pcapwsp.dll (Proxy Labs)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - pcapwsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - pcapwsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - pcapwsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - pcapwsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - pcapwsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - pcapwsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - pcapwsp.dll File not found
O15 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..Trusted Domains: crunchyroll.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} http://nprotect.plaync.co.kr/nProtect/netizen2007/ncsoft/npstarter.cab (nPCom2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BCF0F4D5-A864-4B98-BD41-72AAF2680A0C} http://windybeta.xcdnplus.co.kr/windydev/sd/pcinfo/cab/pcCheck.cab (SysInfoCom Class)
O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} http://auth.siren24.com/infovine/VineTransfer.cab (VineTransfer Control)
O16 - DPF: {C8223F3A-1420-4245-88F2-D874FC081574} https://auth.siren24.com/MagicLineMBX/lib/MagicLineMBX.cab (MagicLineMBX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAD741A8-E2ED-4452-BC35-215CE88B041D}: DhcpNameServer = 10.78.48.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/08 20:30:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\abc\Desktop\OTL.exe
[2012/07/08 16:48:23 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{2AB3CFFD-B8C0-4631-8C11-267C419AE771}
[2012/07/08 16:47:45 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{C6CDBC40-04E4-4D21-8908-3EAA436F4E4C}
[2012/07/08 12:03:38 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/08 11:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/08 11:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/08 11:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/08 11:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/07/08 05:44:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/08 05:31:09 | 000,000,000 | ---D | C] -- C:\microsoft
[2012/07/08 05:29:08 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\temp
[2012/07/08 04:55:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/07/08 04:55:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/07/08 04:55:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/07/08 04:52:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/08 04:52:14 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/07/08 04:47:24 | 004,574,136 | R--- | C] (Swearware) -- C:\Users\abc\Desktop\ComboFix.exe
[2012/07/08 03:26:40 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{222753AC-2B62-443F-945F-E25D32EA28F2}
[2012/07/08 03:26:17 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{C0494E54-E2D6-4D37-9D8D-A7A75799FDBE}
[2012/07/08 02:11:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\abc\Desktop\dds.scr
[2012/07/08 01:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/08 01:23:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/07/08 01:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/06 23:34:01 | 000,000,000 | -H-D | C] -- C:\windows\PIF
[2012/07/05 17:47:32 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{316DE079-8561-41E8-8C6B-8D0538722CA4}
[2012/07/05 17:47:07 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{437C7BAC-6C4E-44FF-A0C1-3874E0050487}
[2012/07/03 16:02:13 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{FA1BF6D0-9FD7-4F1C-B559-3858C8234786}
[2012/07/03 16:01:59 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{053E49F7-DCA3-4683-84D4-D75CB5FE5CAF}
[2012/07/03 15:05:08 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\Macromedia
[2012/07/03 12:00:46 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/07/03 07:50:13 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{07A7090A-D502-484D-B74C-B8EA458005EA}
[2012/07/03 07:49:54 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{DCB51446-C936-454A-9C19-10E677B52B6B}
[2012/07/02 01:50:48 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{FD5DA32B-0CEC-440A-8A3F-C2E4218072BF}
[2012/06/30 14:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012/06/30 14:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012/06/30 07:17:58 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{5B5F745D-F506-45A5-B610-F2CA95822EB5}
[2012/06/29 06:32:13 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{831F87B7-737E-4174-8957-42C378BC2C7D}
[2012/06/29 06:31:48 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{98CBB1B6-D6DC-4A2E-9598-58B2AE521D81}
[2012/06/28 21:23:07 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{1EBE06BA-4C6B-4B63-8AC3-96C7F1A85EDC}
[2012/06/27 19:27:27 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{23FC9A10-8B9A-49CA-ADA3-4AD0954EC106}
[2012/06/27 01:59:23 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{946E2F39-B6B2-4113-AB69-EC73492B5F00}
[2012/06/27 01:59:08 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{B373A2AF-03E3-4078-B7EE-C10686B1B56A}
[2012/06/26 16:37:41 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{AA99DCDC-F31E-4517-8B12-F1F1F9CA711A}
[2012/06/26 15:16:13 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{7B18988A-BA62-49F2-8558-FCF0D21B6D5E}
[2012/06/25 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{083F5444-EFCF-48D2-8EBF-4AB54A617A6B}
[2012/06/23 11:38:49 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{F3EE9F65-412A-4A67-AF00-60817FFFBD44}
[2012/06/23 11:38:27 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{64DAE847-1049-4A5E-ABC9-A95F099CFA88}
[2012/06/23 08:02:47 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{A71CED70-26CC-4A81-BFAD-BE70695370BC}
[2012/06/23 00:43:38 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{DED5C935-8FE9-4B33-B3F3-1EC0E27DBD42}
[2012/06/23 00:43:15 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{26E1E661-4032-4091-A817-EDCB4B9263EF}
[2012/06/22 06:38:40 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{182ECDEB-6309-4641-B1FE-8AC0511C2B60}
[2012/06/20 15:00:22 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{0B080FC6-3815-4637-B2E9-B84D1B266162}
[2012/06/20 15:00:11 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{74828AD5-A6A9-4FBB-ACA0-087501851773}
[2012/06/20 14:22:28 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{C1E36BE1-CFF8-43E0-B49D-28F250BDF07C}
[2012/06/20 14:22:07 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{CD08AEBB-797B-4030-B463-D7F5BD18678F}
[2012/06/20 13:26:01 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{5026640F-C7AB-4897-A836-D9F90B8AB64F}
[2012/06/20 13:25:38 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{FBE1DCF6-C9DD-4A98-8FCD-4B7876FEFDA4}
[2012/06/19 10:02:56 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{9A00AFC4-B8F8-4CD0-AF48-1D656BC687C3}
[2012/06/18 21:59:22 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{001B426A-7AEE-464F-9187-771967E1F799}
[2012/06/17 23:57:48 | 000,056,288 | ---- | C] ((주)인포바인) -- C:\windows\System32\VineTransfer.ocx
[2012/06/17 23:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\INFovine
[2012/06/17 23:57:47 | 000,048,104 | ---- | C] ((주)인포바인) -- C:\windows\System32\UbiKeyUninstall.exe
[2012/06/17 23:57:47 | 000,039,904 | ---- | C] ((주)인포바인) -- C:\windows\System32\UbiKeyWin32.dll
[2012/06/17 23:57:47 | 000,039,896 | ---- | C] ((주)인포바인) -- C:\windows\System32\UbiKey.dll
[2012/06/17 23:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2012/06/17 22:29:10 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Roaming\com.tfhz.air.player
[2012/06/15 16:47:30 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{1B5AEE4B-1589-4550-89DF-D0F2B07DFE78}
[2012/06/14 02:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/06/14 02:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012/06/14 02:48:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/06/14 02:48:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/14 02:34:14 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Roaming\Wireshark
[2012/06/14 02:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/06/14 02:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/06/14 02:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012/06/12 11:09:34 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{9C345C14-32FA-44E3-BF0E-217C3AE8C6CC}
[2012/06/12 11:09:03 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{AC738615-5F55-4994-A8D8-4E64DFB1ED24}
[2012/06/11 23:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
[2012/06/11 23:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\LAV Filters
[2012/06/11 06:10:25 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{EEE1F929-149C-4197-9551-0DCD26AFF15A}
[2012/06/11 06:10:05 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{9DE28C6D-38B1-4CF4-B354-1FDFCA67155E}
[2012/06/10 22:37:38 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{721354D2-2844-42D0-AB31-F4435C2B4B6C}
[2012/06/10 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{2B1FCF07-2BA9-48F7-937A-BA79C80D5F0C}
[2012/06/08 23:17:36 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{F505F31F-871D-4563-AA90-5B4AAEC2D2CD}
[2012/06/08 23:17:12 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{383066ED-5FD6-4ECE-A5F7-03F80D401E85}
[2012/06/08 23:11:25 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{D1161B74-82AA-4EB7-ADEA-50FC78833B4A}
[2012/06/08 23:11:02 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{454C83E5-0F38-41A0-9548-B6D0605C4BFE}
[2012/06/08 22:58:40 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{8BFAF051-4738-4C2A-8A29-31633EE205B5}
[2012/06/08 22:58:17 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{97E292A8-00D6-4ECB-8568-04970597C97D}
[2012/06/08 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{3A2799F4-FCD9-4372-B274-679E7FD6F794}
[2012/06/08 21:11:48 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{DB2E92B5-0176-4183-B287-33DB674CEE41}
[2012/06/08 21:09:47 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{D704EFE8-56E5-4DC4-91CF-90A64F5E5987}
[2012/06/08 21:09:24 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{02E8258D-CB0C-4C4C-9F68-F132F94C2BE0}
[31 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/08 20:34:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/08 20:30:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\abc\Desktop\OTL.exe
[2012/07/08 20:06:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001UA.job
[2012/07/08 19:59:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/08 15:08:40 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 15:08:40 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 14:05:29 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/08 08:06:03 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001Core.job
[2012/07/08 05:32:47 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/07/08 05:31:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/08 04:47:51 | 004,574,136 | R--- | M] (Swearware) -- C:\Users\abc\Desktop\ComboFix.exe
[2012/07/08 02:11:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\abc\Desktop\dds.scr
[2012/07/08 01:54:50 | 000,302,592 | ---- | M] () -- C:\Users\abc\Desktop\pojybror.exe
[2012/07/08 01:23:56 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 20:39:54 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2012/07/07 19:40:48 | 000,676,672 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/07/07 19:40:48 | 000,131,056 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/07/03 07:31:19 | 003,784,248 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/27 01:56:11 | 000,000,000 | ---- | M] () -- C:\windows\System32\cd.dat
[2012/06/15 23:12:09 | 000,000,621 | ---- | M] () -- C:\Users\abc\Last session abc.prj
[2012/06/14 02:01:00 | 000,001,712 | ---- | M] () -- C:\Users\abc\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2012/06/09 00:51:57 | 000,002,002 | ---- | M] () -- C:\Users\abc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[31 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/08 04:55:32 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/07/08 04:55:32 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/07/08 04:55:32 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/07/08 04:55:32 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/07/08 04:55:32 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/07/08 01:54:49 | 000,302,592 | ---- | C] () -- C:\Users\abc\Desktop\pojybror.exe
[2012/07/08 01:23:56 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 20:39:54 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2012/06/27 01:56:11 | 000,000,000 | ---- | C] () -- C:\windows\System32\cd.dat
[2012/06/14 02:55:37 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/06/14 02:01:00 | 000,001,712 | ---- | C] () -- C:\Users\abc\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2012/06/14 02:01:00 | 000,001,700 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012/06/01 21:42:01 | 000,000,256 | ---- | C] () -- C:\windows\System32\pool.bin
[2012/05/03 03:54:46 | 000,042,392 | ---- | C] () -- C:\windows\System32\xfcodec.dll
[2012/04/28 02:02:50 | 000,000,621 | ---- | C] () -- C:\Users\abc\Last session abc.prj
[2012/03/05 03:02:34 | 000,000,342 | ---- | C] () -- C:\Users\abc\openvpn-connect.json
[2012/02/17 14:15:08 | 000,315,392 | ---- | C] ( ) -- C:\windows\System32\sbcrreag.dll
[2012/01/13 09:03:54 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/12/23 16:39:59 | 000,020,864 | ---- | C] () -- C:\windows\System32\drivers\msfilter.sys
[2011/10/13 12:31:48 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011/10/13 12:30:24 | 000,000,268 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011/07/05 01:17:48 | 000,230,752 | ---- | C] () -- C:\windows\patchw32.dll
[2011/07/05 01:17:47 | 000,118,176 | ---- | C] () -- C:\windows\patchw.dll
[2011/06/28 13:10:43 | 000,007,605 | ---- | C] () -- C:\Users\abc\AppData\Local\Resmon.ResmonCfg
[2011/05/31 07:39:50 | 000,058,368 | ---- | C] () -- C:\windows\System32\bdmpegv.dll
[2011/05/31 07:38:18 | 000,015,360 | ---- | C] () -- C:\windows\System32\bdmjpeg.dll
[2011/04/30 07:03:29 | 000,000,532 | ---- | C] () -- C:\windows\eReg.dat
[2011/03/15 08:29:48 | 000,139,264 | ---- | C] () -- C:\windows\System32\nsldap32v50.dll
[2011/03/07 07:18:02 | 000,028,496 | ---- | C] () -- C:\windows\System32\SmartDefragBootTime.exe
[2011/03/07 07:18:02 | 000,015,672 | ---- | C] () -- C:\windows\System32\drivers\SmartDefragDriver.sys
[2011/02/27 20:22:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/09 05:44:22 | 000,000,565 | ---- | C] () -- C:\Users\abc\AppData\Roaming\myMPQ.ini
[2011/02/02 14:53:04 | 000,109,056 | -H-- | C] () -- C:\windows\ozddyeaelgyuanfj.exe
[2011/02/02 13:46:19 | 000,002,282 | ---- | C] () -- C:\Users\abc\AppData\Local\TempGUIPic.jpg
[2011/02/02 08:10:44 | 000,039,424 | ---- | C] () -- C:\windows\System32\rpiAccessProcess.dll
[2010/10/24 01:03:39 | 000,008,704 | ---- | C] () -- C:\Users\abc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 14:20:25 | 000,000,014 | ---- | C] () -- C:\windows\System32\systeminfo.dll
[2010/10/02 16:59:32 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/07/24 06:26:54 | 000,138,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2010/07/24 06:26:32 | 000,214,816 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2010/07/24 06:26:20 | 000,075,064 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2010/07/15 07:33:38 | 000,110,592 | ---- | C] () -- C:\windows\System32\suppdll.dll
[2010/07/15 07:33:38 | 000,035,363 | ---- | C] () -- C:\windows\System32\windrvNT.sys
[2010/07/15 07:17:22 | 000,180,224 | ---- | C] () -- C:\windows\System32\WinVd32.sys
[2010/07/15 07:17:15 | 000,007,680 | ---- | C] () -- C:\windows\System32\WinFLsrv.exe
[2010/06/14 18:28:36 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\aguans.exe
[2010/06/12 15:36:27 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\mtrygelk.exe
[2010/06/08 12:29:06 | 000,002,360 | ---- | C] () -- C:\Users\abc\AppData\Local\hblffa.exe
[2010/06/07 15:28:32 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\vhowop.exe
[2010/06/01 18:09:58 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\tafmlza.exe
[2010/05/30 07:42:37 | 000,002,360 | ---- | C] () -- C:\Users\abc\AppData\Local\opqrsabc.exe
[2010/05/29 00:53:52 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\xbmeit.exe
[2010/05/23 20:16:11 | 000,012,670 | ---- | C] () -- C:\Users\abc\.recently-used.xbel
[2010/05/22 18:49:36 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\ydwbbg.exe
[2010/05/14 03:16:40 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\frdvhzlv.exe
[2010/05/08 18:00:04 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\accfzbvx.exe
[2010/04/22 23:09:01 | 000,000,090 | ---- | C] () -- C:\Users\abc\AppData\Local\frdepbt.bat
[2010/04/09 12:31:45 | 000,000,088 | ---- | C] () -- C:\Users\abc\AppData\Local\nffee.bat

========== LOP Check ==========

[2012/02/06 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/02/06 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012/02/16 04:22:03 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Atsaa
[2012/02/17 01:27:52 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Azureus
[2012/01/08 11:02:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\BitTorrent
[2011/12/30 17:25:30 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Blaze
[2010/12/17 15:25:51 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\CoreCodec
[2011/10/14 21:40:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DAEMON Tools Lite
[2012/02/16 04:26:38 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IObit
[2012/02/16 10:06:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Izbin
[2012/02/16 10:06:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Lereeh
[2012/01/14 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\MotioninJoy
[2011/09/16 19:03:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\NVD
[2010/07/26 01:59:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Opera
[2012/06/01 20:06:50 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Research In Motion
[2011/10/13 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SoftGrid Client
[2011/10/13 18:30:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Template
[2012/06/14 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TuneUp Software
[2012/06/24 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
[2012/07/08 01:08:43 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\1E754
[2012/02/13 03:48:21 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\54307
[2012/01/13 07:48:43 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Azureus
[2012/04/13 11:51:02 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\BITS
[2012/05/06 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\BitTorrent
[2011/12/23 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Blaze
[2012/02/29 09:55:34 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\BSplayer
[2010/03/24 00:34:56 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\BSplayer Pro
[2011/07/05 03:19:08 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\BugTrap Console Test108
[2011/06/07 20:02:36 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/20 18:26:51 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011/06/07 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/06/17 22:29:10 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\com.tfhz.air.player
[2010/10/20 14:31:51 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\CoreCodec
[2012/01/25 03:48:47 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\CoreFTP
[2012/04/25 06:27:09 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\DAEMON Tools Lite
[2011/07/23 03:16:53 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\DVDVideoSoft
[2011/07/22 03:12:02 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/05/24 17:53:34 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\FlashGet
[2010/05/24 17:53:26 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\FlashGetBHO
[2012/05/16 09:45:19 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\fltk.org
[2010/07/04 13:46:56 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\FOG Downloader
[2012/02/14 05:08:05 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Foro
[2010/04/21 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2010/04/09 12:04:09 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Games-Attack
[2010/11/24 02:54:41 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\GetRightToGo
[2012/05/22 12:24:45 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\globalip
[2012/01/25 02:59:53 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\IObit
[2011/05/26 19:57:53 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Keynote Systems
[2010/07/16 13:39:30 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\LolClient
[2010/03/25 20:49:32 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2012/06/01 22:56:23 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\LolClient2
[2011/02/02 01:02:05 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Mael
[2010/09/11 04:04:04 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\mkvtoolnix
[2011/07/27 21:01:48 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\MotioninJoy
[2011/02/02 01:11:29 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Notepad++
[2010/06/06 10:54:23 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\NVD
[2010/07/03 23:25:19 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Opera
[2012/06/01 20:17:39 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Research In Motion
[2012/02/14 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Riaz
[2012/04/25 05:19:18 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\SEGA
[2011/10/14 21:47:35 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\SoftGrid Client
[2010/06/17 15:35:48 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Synthesia
[2011/01/24 00:46:41 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\SystemRequirementsLab
[2010/12/16 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\TeamViewer
[2010/06/06 10:54:23 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\TP
[2012/06/14 02:55:22 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\TuneUp Software
[2012/01/05 04:01:51 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Ubisoft
[2012/07/08 20:44:46 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\uTorrent
[2012/02/16 05:49:43 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Uzoswy
[2012/06/14 02:34:14 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Wireshark
[2012/01/13 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\X-Chat 2
[2012/07/07 19:34:06 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 7/8/2012 8:32:15 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\abc\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.21% Memory free
5.86 Gb Paging File | 4.23 Gb Available in Paging File | 72.10% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 12.78 Gb Free Space | 9.03% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 14.09 Gb Free Space | 9.96% Space Free | Partition Type: NTFS

Computer Name: ABC-PC | User Name: abc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lock folder with Folder Lock] -- C:\Program Files\Folder Lock\Folder Lock.exe %1 (NewSoftwares.net Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{442F8E6D-C607-413C-9632-9970B67DCA89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{66142F7D-FE84-4A18-80D0-EEFCD7F048A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04FC8026-2728-4532-95AB-E73D0CA4DA74}" = protocol=6 | dir=in | app=c:\users\abc\appdata\local\akamai\netsession_win.exe |
"{0DFA62E9-74E6-4360-BCAE-C4BCDA013736}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30CA5F66-3E87-4698-898F-942EC1B30BC9}" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"{3ADD0A44-FC86-4BE3-965A-6E32B5DD5B8A}" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61C06435-025E-4A1E-80C0-8BA4A43E8A43}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6CC3AA05-8FFD-40E0-AF6A-DE1C0621C375}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A04DB17E-D407-45EE-A7D4-EE520A768CD0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8AFBE72-1C23-451C-BD6D-E0BDF5A705D0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C549E3E3-DB0B-4ACA-B21F-F07C92B6EE2B}" = protocol=6 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C79FA123-3FA1-47A2-9974-757E4F47B538}" = protocol=17 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF307209-F749-4CC2-9980-143F3A27F01F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E18B1B02-81C3-446A-A430-A8F252442A18}" = protocol=17 | dir=in | app=c:\users\abc\appdata\local\akamai\netsession_win.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1778002B-E441-42F6-A3B9-837B46FF909A}C:\program files\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{18F9A03E-A195-4F7D-A143-207E502F4A3B}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{1CEF16A5-8FC2-4C04-AC99-31517BE9EB61}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{333E3618-5201-4F5F-965A-0E19BA490D59}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B0BEA724-01C5-496C-A3B1-9BE8F1DE8D59}C:\users\abc\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\abc\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C77EDA4E-610B-4D6A-AA62-6B75257739F4}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{1FB0D518-C0BE-422A-ABDB-D1CA3F562172}C:\users\abc\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\abc\appdata\local\akamai\netsession_win.exe |
"UDP Query User{25BD4E2B-FA58-4F12-9B2A-27E8BD86F76E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{2C60135F-99BC-4085-AC41-E1EF47C5858C}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{36FD80C1-02DD-4342-B0DC-EA9F28133D85}C:\program files\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"UDP Query User{7099B1E0-B30F-483D-B5DD-C3C9518558AB}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{7310C541-3497-4590-ABFA-19D06B9D6E47}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BD21033-6A2D-4013-93CA-6E3C0F1D1198}" = GamingMouse
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22439E2F-1CF7-4F8B-992A-3AA3C0553929}" = Yu-Gi-Oh! ONLINE 3
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant
"{3FEC0E55-76BC-4619-4830-225F5A5F0B5E}" = 24hz 플레이어
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{62ADAE66-EAB3-46E8-9973-2D10F67816A4}" = BlackBerry Device Software v4.6.1 for the BlackBerry 8520 smartphone
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B06F103-3DE2-4A12-9FD9-776E0019E577}" = ProxyCap
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{80AEB164-0D5C-4EB6-88F4-19930661D380}" = DivXMuxGUI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{87B8375F-AAC4-417D-BB00-2EE6FBF898E7}" = ESET NOD32 Antivirus
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{ACF1662C-404B-47AD-9D57-5CA7C9307284}_is1" = Free Mp3 Wma Ogg Converter 7.1.1
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5C424A1-5C0A-426C-BB0B-D75907243EC3}" = Ultimate Knight ウィンダムXP
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"3737476D828B8998E2990F74B0C2DFEDA9326473" = Windows Driver Package - Blaze (HidUsb) HIDClass (03/08/2010 1.0.0.0)
"7-Zip" = 7-Zip 9.20
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.00
"Akamai" = Akamai NetSession Interface
"AutoItv3" = AutoIt v3.3.6.1
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"BSPlayerf" = BS.Player FREE
"Carte" = Carte 0.9.58
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.tfhz.air.player" = 24hz 플레이어
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Core FTP LE 2.1" = Core FTP LE 2.1
"Creative Element Power Tools" = Creative Element Power Tools
"Cultris_0" = Cultris II
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup" = DivX Setup
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"FLAC" = FLAC 1.2.1b (remove only)
"FlashGet 3.3" = FlashGet 3.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.1.4
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Game Booster_is1" = Game Booster 3
"HaaliMkx" = Haali Media Splitter
"Hide IP Platinum_is1" = Hide IP Platinum 3.5
"HotspotShield" = Hotspot Shield 2.53
"http://pso2.jp/appid/release_is1" = PHANTASY STAR ONLINE 2
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"HyperCam 2" = HyperCam 2
"INFovine" = 휴대폰인증서(보관)서비스
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"KeynoteConnector" = Keynote Connector
"lavfilters_is1" = LAV Filters 0.50.5
"MagicLineMBX" = MagicLineMBX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MKVtoolnix" = MKVtoolnix 4.3.0
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_plaync" = NCLauncher (plaync)
"NifSkope" = NifSkope (remove only)
"Notepad++" = Notepad++
"npn5" = nProtect Netizen SVC (remove only)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OGPlanet Game Launcher EU" = OGPlanet Game Launcher Europe
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"Protected Folder_is1" = Protected Folder
"RealPlayer 15.0" = RealPlayer
"Smart Defrag 2_is1" = Smart Defrag 2
"SpeedItupFree4.95" = Speeditup Free 4.90
"The Core Media Player" = The Core Media Player 4.0
"The KMPlayer" = The KMPlayer (remove only)
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"TVWiz" = Intel(R) TV Wizard
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"VMware_Workstation" = VMware Workstation
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinHex" = WinHex
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.6.8 (32-bit)
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"xchat" = XChat 2 (remove only)
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"XPMP" = Xfire Plus: Music Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/6/2012 6:29:23 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
stamp: 0x4dcdb2b3 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0x818 Faulting application start time: 0x01cd5bc6946004f4 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 08f0fc3a-c7ba-11e1-8069-005056c00008

Error - 7/7/2012 3:41:14 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ekrn.exe, version: 4.2.35.0, time stamp:
0x4b82a3f0 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
0x738 Faulting application start time: 0x01cd5c7868e4608c Faulting application path:
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: b5c060ad-c86b-11e1-b6c9-005056c00008

Error - 7/7/2012 3:41:40 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ekrn.exe, version: 4.2.35.0, time stamp:
0x4b82a3f0 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
0xc60 Faulting application start time: 0x01cd5c787ef08d57 Faulting application path:
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: c53e35ec-c86b-11e1-b6c9-005056c00008

Error - 7/7/2012 3:42:04 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ekrn.exe, version: 4.2.35.0, time stamp:
0x4b82a3f0 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
0x10ac Faulting application start time: 0x01cd5c78902b83e9 Faulting application path:
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: d35b9ecc-c86b-11e1-b6c9-005056c00008

Error - 7/7/2012 3:42:18 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ekrn.exe, version: 4.2.35.0, time stamp:
0x4b82a3f0 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
0x1228 Faulting application start time: 0x01cd5c78990a64af Faulting application path:
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: dc30fa10-c86b-11e1-b6c9-005056c00008

Error - 7/7/2012 3:42:24 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
stamp: 0x4dcdb2b3 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0xfb4 Faulting application start time: 0x01cd5c788093521d Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: df95d054-c86b-11e1-b6c9-005056c00008

Error - 7/7/2012 3:42:42 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ekrn.exe, version: 4.2.35.0, time stamp:
0x4b82a3f0 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
0x1424 Faulting application start time: 0x01cd5c78a1cf1651 Faulting application path:
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: ea2873fc-c86b-11e1-b6c9-005056c00008

Error - 7/7/2012 8:48:53 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
stamp: 0x4dcdb2b3 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0xd98 Faulting application start time: 0x01cd5ca34e5f2d12 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: affabe6f-c896-11e1-97f4-005056c00008

Error - 7/7/2012 11:10:04 PM | Computer Name = ABC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
stamp: 0x4dcdb2b3 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0xff0 Faulting application start time: 0x01cd5cb6efcb53da Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 692f190b-c8aa-11e1-b738-005056c00008

Error - 7/7/2012 11:41:00 PM | Computer Name = ABC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
stamp: 0x4dcdb2b3 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0x9c8 Faulting application start time: 0x01cd5cbb580add66 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: bbb5c5f7-c8ae-11e1-a9f2-005056c00008

[ System Events ]
Error - 7/8/2012 12:34:21 AM | Computer Name = ABC-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%1058

Error - 7/8/2012 12:34:24 AM | Computer Name = ABC-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 7/8/2012 12:42:14 AM | Computer Name = ABC-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%1058

Error - 7/8/2012 12:44:14 AM | Computer Name = ABC-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%1058

Error - 7/8/2012 1:02:41 AM | Computer Name = ABC-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/8/2012 2:47:15 AM | Computer Name = ABC-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/8/2012 6:13:37 AM | Computer Name = ABC-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/8/2012 9:05:51 AM | Computer Name = ABC-PC | Source = DCOM | ID = 10016
Description =

Error - 7/8/2012 9:06:09 AM | Computer Name = ABC-PC | Source = DCOM | ID = 10016
Description =

Error - 7/8/2012 9:20:37 AM | Computer Name = ABC-PC | Source = DCOM | ID = 10016
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\xhunter1.sys -- (xhunter1)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva394.sys -- (XDva394)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva393.sys -- (XDva393)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva391.sys -- (XDva391)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva390.sys -- (XDva390)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva389.sys -- (XDva389)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva388.sys -- (XDva388)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva387.sys -- (XDva387)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva385.sys -- (XDva385)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva380.sys -- (XDva380)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva375.sys -- (XDva375)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva370.sys -- (XDva370)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva349.sys -- (XDva349)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva347.sys -- (XDva347)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva346.sys -- (XDva346)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\vtany.sys -- (vtany)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\abc\AppData\Local\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.223.252.137:1080
    O3 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O15 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..Trusted Domains: crunchyroll.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    [2012/07/08 12:03:38 | 000,000,000 | ---D | C] -- C:\FRST
    [2011/02/02 14:53:04 | 000,109,056 | -H-- | C] () -- C:\windows\ozddyeaelgyuanfj.exe
    [2010/06/14 18:28:36 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\aguans.exe
    [2010/06/12 15:36:27 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\mtrygelk.exe
    [2010/06/08 12:29:06 | 000,002,360 | ---- | C] () -- C:\Users\abc\AppData\Local\hblffa.exe
    [2010/06/07 15:28:32 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\vhowop.exe
    [2010/06/01 18:09:58 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\tafmlza.exe
    [2010/05/30 07:42:37 | 000,002,360 | ---- | C] () -- C:\Users\abc\AppData\Local\opqrsabc.exe
    [2010/05/29 00:53:52 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\xbmeit.exe
    [2010/05/22 18:49:36 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\ydwbbg.exe
    [2010/05/14 03:16:40 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\frdvhzlv.exe
    [2010/05/08 18:00:04 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\accfzbvx.exe
    [2010/04/22 23:09:01 | 000,000,090 | ---- | C] () -- C:\Users\abc\AppData\Local\frdepbt.bat
    [2010/04/09 12:31:45 | 000,000,088 | ---- | C] () -- C:\Users\abc\AppData\Local\nffee.bat
    [2012/07/08 01:08:43 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\1E754
    [2012/02/13 03:48:21 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\54307
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
All processes killed
========== OTL ==========
Service xhunter1 stopped successfully!
Service xhunter1 deleted successfully!
File C:\windows\xhunter1.sys not found.
Service XDva394 stopped successfully!
Service XDva394 deleted successfully!
File C:\windows\system32\XDva394.sys not found.
Service XDva393 stopped successfully!
Service XDva393 deleted successfully!
File C:\windows\system32\XDva393.sys not found.
Service XDva391 stopped successfully!
Service XDva391 deleted successfully!
File C:\windows\system32\XDva391.sys not found.
Service XDva390 stopped successfully!
Service XDva390 deleted successfully!
File C:\windows\system32\XDva390.sys not found.
Service XDva389 stopped successfully!
Service XDva389 deleted successfully!
File C:\windows\system32\XDva389.sys not found.
Service XDva388 stopped successfully!
Service XDva388 deleted successfully!
File C:\windows\system32\XDva388.sys not found.
Service XDva387 stopped successfully!
Service XDva387 deleted successfully!
File C:\windows\system32\XDva387.sys not found.
Service XDva385 stopped successfully!
Service XDva385 deleted successfully!
File C:\windows\system32\XDva385.sys not found.
Service XDva380 stopped successfully!
Service XDva380 deleted successfully!
File C:\windows\system32\XDva380.sys not found.
Service XDva375 stopped successfully!
Service XDva375 deleted successfully!
File C:\windows\system32\XDva375.sys not found.
Service XDva370 stopped successfully!
Service XDva370 deleted successfully!
File C:\windows\system32\XDva370.sys not found.
Service XDva349 stopped successfully!
Service XDva349 deleted successfully!
File C:\windows\system32\XDva349.sys not found.
Service XDva347 stopped successfully!
Service XDva347 deleted successfully!
File C:\windows\system32\XDva347.sys not found.
Service XDva346 stopped successfully!
Service XDva346 deleted successfully!
File C:\windows\system32\XDva346.sys not found.
Service vtany stopped successfully!
Service vtany deleted successfully!
File C:\windows\vtany.sys not found.
Error: No service named mbr was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mbr deleted successfully.
File C:\Users\abc\AppData\Local\Temp\mbr.sys not found.
Service EagleXNt stopped successfully!
Service EagleXNt deleted successfully!
File C:\windows\system32\drivers\EagleXNt.sys not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\windows\system32\drivers\EagleNT.sys not found.
HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crunchyroll.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kuaiche.com\software\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U folder moved successfully.
C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\L folder moved successfully.
C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\{01829c48-43ff-ed99-10a9-8819c8a86cd2} folder moved successfully.
C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U folder moved successfully.
C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\L folder moved successfully.
C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Windows\ozddyeaelgyuanfj.exe moved successfully.
C:\Users\abc\AppData\Local\aguans.exe moved successfully.
C:\Users\abc\AppData\Local\mtrygelk.exe moved successfully.
C:\Users\abc\AppData\Local\hblffa.exe moved successfully.
C:\Users\abc\AppData\Local\vhowop.exe moved successfully.
C:\Users\abc\AppData\Local\tafmlza.exe moved successfully.
File C:\Users\abc\AppData\Local\opqrsabc.exe not found.
C:\Users\abc\AppData\Local\xbmeit.exe moved successfully.
C:\Users\abc\AppData\Local\ydwbbg.exe moved successfully.
C:\Users\abc\AppData\Local\frdvhzlv.exe moved successfully.
C:\Users\abc\AppData\Local\accfzbvx.exe moved successfully.
C:\Users\abc\AppData\Local\frdepbt.bat moved successfully.
C:\Users\abc\AppData\Local\nffee.bat moved successfully.
C:\Users\abc\AppData\Roaming\1E754 folder moved successfully.
C:\Users\abc\AppData\Roaming\54307 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 53632 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 26902704 bytes
->Temporary Internet Files folder emptied: 38062598 bytes
->Java cache emptied: 2214700 bytes
->FireFox cache emptied: 137152631 bytes
->Apple Safari cache emptied: 23099392 bytes
->Opera cache emptied: 9152063 bytes
->Flash cache emptied: 5296 bytes

User: Public
->Temp folder emptied: 0 bytes

User: abc
->Temp folder emptied: 2290087 bytes
->Temporary Internet Files folder emptied: 212781607 bytes
->Java cache emptied: 313244 bytes
->FireFox cache emptied: 493187884 bytes
->Google Chrome cache emptied: 255901733 bytes
->Apple Safari cache emptied: 56343552 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 61015 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6403 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,199.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Public

User: abc
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: abc
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07092012_134938

Files\Folders moved on Reboot...
C:\windows\temp\vmware-SYSTEM-2585583032\vmware-usbarb-SYSTEM-2124.log moved successfully.

PendingFileRenameOperations files...
File C:\windows\temp\vmware-SYSTEM-2585583032\vmware-usbarb-SYSTEM-2124.log not found!

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET NOD32 Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 31
Adobe Flash Player 11.3.300.262
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 02-07-2012
Ran by abc (administrator) on 09-07-2012 at 14:05:47
Running from "C:\Users\abc\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Scanning Report
Monday, July 9, 2012 14:42:04 - 14:55:23
Computer name: ABC-PC
Scanning type: Quick scan
Target: System


--------------------------------------------------------------------------------

3 malware found
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Statistik-Gallup (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 5638
System: 5638
Not scanned: 0
Actions:
Disinfected: 3
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

--------------------------------------------------------------------------------

Options
Scanning engines:
 