TechSpot

Sirefef.FC trojan Infection

By RiceFusion
Jul 7, 2012
  1. Hello. My NOD32 recently detected the Sirefef.FC trojan and is unable to delete it.
    The following message pops up:
    Object: Operating memory > C:\windows\system32\services.exe
    Threat: Win32/Sirefef.FC trojan

    Any help would be deeply appreciated.
     
  2. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.07.07
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    abc :: abc-PC [administrator]
    08/07/2012 01:25:13
    mbam-log-2012-07-08 (01-25-13).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 244717
    Time elapsed: 15 minute(s), 11 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    (end)
     
  3. RiceFusion

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-08 02:09:08
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
    Running: pojybror.exe; Driver: C:\Users\abc\AppData\Local\Temp\ugloypow.sys

    ---- System - GMER 1.0.15 ----
    SSDT \??\C:\windows\system32\windrvNT.sys ZwQueryDirectoryFile [0x9F62B842]
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
    ---- EOF - GMER 1.0.15 ----
     
  4. RiceFusion

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by abc at 3:11:42 on 2012-07-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3005.1776 [GMT 1:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\windows\system32\nPStarterSVC.exe
    C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
    C:\windows\system32\PnkBstrA.exe
    C:\windows\system32\npnj5Agent.exe
    C:\windows\system32\PnkBstrB.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\windows\system32\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\vmnetdhcp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\GamingMouse\hid.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
    C:\Users\abc\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Users\abc\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\system32\sppsvc.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    \\.\globalroot\systemroot\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U
    C:\windows\system32\SearchFilterHost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://google.ee/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    uSearch Bar =
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uInternet Settings,ProxyServer = 219.223.252.137:1080
    mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfi0.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfi0.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfi0.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\abc\appdata\roaming\flashgetbho\FlashGetBHO3.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfi0.dll
    TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    TB: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - No File
    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SpeedItUpEX] c:\program files\speeditup free\SpeedItUp.exe -MINI
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [DS3 Tool] c:\program files\motioninjoy\ds3\DS3_Tool.exe -mini
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [Akamai NetSession Interface] "c:\users\abc\appdata\local\akamai\netsession_win.exe"
    uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
    mRun: [APLangApp] "c:\program files\anypc client\APLangApp.exe"
    mRun: [fsn] c:\program files\phoenix technologies ltd\failsafe\FailSafeNotifier.exe
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Xfire Music] "c:\program files\xfire\xfiremusic.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [GamingMouse] c:\program files\gamingmouse\hid.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ProxyCap] c:\progra~1\proxyl~1\proxycap\pcapui.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\abc\appdata\roaming\micros~1\windows\startm~1\programs\startup\creati~1.lnk - c:\program files\creative element power tools\Startup.exe
    StartupFolder: c:\users\abc\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download All By FlashGet3 - c:\users\abc\appdata\roaming\flashgetbho\GetAllUrl.htm
    IE: Download By FlashGet3 - c:\users\abc\appdata\roaming\flashgetbho\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\abc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\abc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    LSP: pcapwsp.dll
    LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    Trusted Zone: crunchyroll.com\www
    Trusted Zone: kuaiche.com\software
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
    DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://nprotect.plaync.co.kr/nProtect/netizen2007/ncsoft/npstarter.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {BCF0F4D5-A864-4B98-BD41-72AAF2680A0C} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/pcinfo/cab/pcCheck.cab
    DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxp://auth.siren24.com/infovine/VineTransfer.cab
    DPF: {C8223F3A-1420-4245-88F2-D874FC081574} - hxxps://auth.siren24.com/MagicLineMBX/lib/MagicLineMBX.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}\350756564645F6573686936423935383 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}\35B4956343342444 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}\4586F6D637F6E6034313538344 : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\abc\appdata\roaming\mozilla\firefox\profiles\lplktduk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
    FF - prefs.js: network.proxy.ftp - 202.158.150.175
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 55111
    FF - prefs.js: network.proxy.socks - 202.158.150.175
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - 202.158.150.175
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\infovine\NpkiCard.dll
    FF - plugin: c:\program files\infovine\npVineTransfer.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
    FF - plugin: c:\program files\opera\program\plugins\npMegaPlugin.dll
    FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
    FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
    FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
    FF - plugin: c:\program files\plaync\ncplugin\npncllm3.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\nexon\ngm\npNxGame.dll
    FF - plugin: c:\programdata\nexoneu\ngm\npNxGameeu.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\abc\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\users\abc\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
    FF - plugin: c:\windows\system32\npCmn.dll
    FF - plugin: c:\windows\system32\npeutilex.dll
    FF - plugin: c:\windows\system32\nPFW.dll
    FF - plugin: c:\windows\system32\nPFWFlt.dll
    FF - plugin: c:\windows\system32\npidsx.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\npOGPPlugin.dll
    FF - plugin: c:\windows\system32\npOrdInstruct.dll
    FF - plugin: c:\windows\system32\npstarterctrl.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-7 15672]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-9 218688]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-12-5 214664]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-12-5 10752]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-25 497496]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-2-22 133512]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-2-22 810120]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-2-22 96896]
    R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-4-11 542552]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-8 654408]
    R2 nPStarterSVC;nProtect Starter;c:\windows\system32\npstartersvc.exe [2010-5-25 250145]
    R2 pcapsvc;ProxyCap Service;c:\program files\proxy labs\proxycap\pcapsvc.exe [2012-2-17 1372160]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-5-29 1528672]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]
    R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2010-7-15 17984]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-8 22344]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2012-5-8 10064]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-2-15 322336]
    S2 AMService;AMService;c:\windows\temp\eulejr\setup.exe run --> c:\windows\temp\eulejr\setup.exe run [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-24 135664]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-20 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-24 135664]
    S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-5 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-5 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-5 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-5 40552]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-7-27 81168]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-28 129976]
    S3 msfilter;Blaze Gaming Mouse;c:\windows\system32\drivers\msfilter.sys [2011-12-23 20864]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NPIDS;NPIDS;c:\windows\system32\NPIdsVt.sys [2012-1-22 47712]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2012-1-20 3567]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-3-23 26112]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-20 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-29 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-07-08 11:03:38 -------- d-----w- C:\FRST
    2012-07-08 02:11:15 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b128e9c1-1546-4ab3-ac6d-e21dd62e0180}\offreg.dll
    2012-07-08 00:23:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-08 00:23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-06 22:34:01 -------- d--h--w- c:\windows\PIF
    2012-07-06 22:26:27 -------- d-----w- C:\microsoft
    2012-07-05 16:47:32 -------- d-----w- c:\users\abc\appdata\local\{316DE079-8561-41E8-8C6B-8D0538722CA4}
    2012-07-05 16:47:07 -------- d-----w- c:\users\abc\appdata\local\{437C7BAC-6C4E-44FF-A0C1-3874E0050487}
    2012-07-03 15:02:13 -------- d-----w- c:\users\abc\appdata\local\{FA1BF6D0-9FD7-4F1C-B559-3858C8234786}
    2012-07-03 15:01:59 -------- d-----w- c:\users\abc\appdata\local\{053E49F7-DCA3-4683-84D4-D75CB5FE5CAF}
    2012-07-03 14:05:08 -------- d-----w- c:\users\abc\appdata\local\Macromedia
    2012-07-03 11:00:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-03 06:50:13 -------- d-----w- c:\users\abc\appdata\local\{07A7090A-D502-484D-B74C-B8EA458005EA}
    2012-07-03 06:49:54 -------- d-----w- c:\users\abc\appdata\local\{DCB51446-C936-454A-9C19-10E677B52B6B}
    2012-07-02 00:50:48 -------- d-----w- c:\users\abc\appdata\local\{FD5DA32B-0CEC-440A-8A3F-C2E4218072BF}
    2012-06-30 16:11:11 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b128e9c1-1546-4ab3-ac6d-e21dd62e0180}\mpengine.dll
    2012-06-30 15:55:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-30 15:55:01 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
    2012-06-30 15:55:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
    2012-06-30 15:55:01 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2012-06-30 15:55:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-30 15:55:00 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-30 15:54:59 748664 ----a-w- c:\program files\internet explorer\iexplore.exe
    2012-06-30 15:54:59 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-30 15:54:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
    2012-06-30 15:54:58 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
    2012-06-30 15:54:57 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-30 15:43:44 2343936 ----a-w- c:\windows\system32\win32k.sys
    2012-06-30 15:41:48 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-06-30 15:33:23 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-30 15:33:17 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-30 15:32:59 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-30 15:32:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-30 13:03:51 -------- d-----w- c:\program files\Core Temp
    2012-06-30 06:17:58 -------- d-----w- c:\users\abc\appdata\local\{5B5F745D-F506-45A5-B610-F2CA95822EB5}
    2012-06-29 05:32:13 -------- d-----w- c:\users\abc\appdata\local\{831F87B7-737E-4174-8957-42C378BC2C7D}
    2012-06-29 05:31:48 -------- d-----w- c:\users\abc\appdata\local\{98CBB1B6-D6DC-4A2E-9598-58B2AE521D81}
    2012-06-28 20:23:07 -------- d-----w- c:\users\abc\appdata\local\{1EBE06BA-4C6B-4B63-8AC3-96C7F1A85EDC}
    2012-06-27 18:27:27 -------- d-----w- c:\users\abc\appdata\local\{23FC9A10-8B9A-49CA-ADA3-4AD0954EC106}
    2012-06-27 00:59:23 -------- d-----w- c:\users\abc\appdata\local\{946E2F39-B6B2-4113-AB69-EC73492B5F00}
    2012-06-27 00:59:08 -------- d-----w- c:\users\abc\appdata\local\{B373A2AF-03E3-4078-B7EE-C10686B1B56A}
    2012-06-26 15:37:41 -------- d-----w- c:\users\abc\appdata\local\{AA99DCDC-F31E-4517-8B12-F1F1F9CA711A}
    2012-06-26 14:16:13 -------- d-----w- c:\users\abc\appdata\local\{7B18988A-BA62-49F2-8558-FCF0D21B6D5E}
    2012-06-25 18:23:25 -------- d-----w- c:\users\abc\appdata\local\{083F5444-EFCF-48D2-8EBF-4AB54A617A6B}
    2012-06-23 10:38:49 -------- d-----w- c:\users\abc\appdata\local\{F3EE9F65-412A-4A67-AF00-60817FFFBD44}
    2012-06-23 10:38:27 -------- d-----w- c:\users\abc\appdata\local\{64DAE847-1049-4A5E-ABC9-A95F099CFA88}
    2012-06-23 07:02:47 -------- d-----w- c:\users\abc\appdata\local\{A71CED70-26CC-4A81-BFAD-BE70695370BC}
    2012-06-22 23:43:38 -------- d-----w- c:\users\abc\appdata\local\{DED5C935-8FE9-4B33-B3F3-1EC0E27DBD42}
    2012-06-22 23:43:15 -------- d-----w- c:\users\abc\appdata\local\{26E1E661-4032-4091-A817-EDCB4B9263EF}
    2012-06-22 05:38:40 -------- d-----w- c:\users\abc\appdata\local\{182ECDEB-6309-4641-B1FE-8AC0511C2B60}
    2012-06-20 14:00:22 -------- d-----w- c:\users\abc\appdata\local\{0B080FC6-3815-4637-B2E9-B84D1B266162}
    2012-06-20 14:00:11 -------- d-----w- c:\users\abc\appdata\local\{74828AD5-A6A9-4FBB-ACA0-087501851773}
    2012-06-20 13:58:09 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-06-20 13:57:06 15712 ----a-w- c:\program files\common files\windows live\.cache\93bc8c7c1cd4eec01\MeshBetaRemover.exe
    2012-06-20 13:22:28 -------- d-----w- c:\users\abc\appdata\local\{C1E36BE1-CFF8-43E0-B49D-28F250BDF07C}
    2012-06-20 13:22:07 -------- d-----w- c:\users\abc\appdata\local\{CD08AEBB-797B-4030-B463-D7F5BD18678F}
    2012-06-20 12:26:01 -------- d-----w- c:\users\abc\appdata\local\{5026640F-C7AB-4897-A836-D9F90B8AB64F}
    2012-06-20 12:25:38 -------- d-----w- c:\users\abc\appdata\local\{FBE1DCF6-C9DD-4A98-8FCD-4B7876FEFDA4}
    2012-06-19 09:02:56 -------- d-----w- c:\users\abc\appdata\local\{9A00AFC4-B8F8-4CD0-AF48-1D656BC687C3}
    2012-06-18 20:59:22 -------- d-----w- c:\users\abc\appdata\local\{001B426A-7AEE-464F-9187-771967E1F799}
    2012-06-17 22:57:48 56288 ----a-w- c:\windows\system32\VineTransfer.ocx
    2012-06-17 22:57:48 -------- d-----w- c:\program files\INFovine
    2012-06-17 22:57:47 48104 ----a-w- c:\windows\system32\UbiKeyUninstall.exe
    2012-06-17 22:57:47 39904 ----a-w- c:\windows\system32\UbiKeyWin32.dll
    2012-06-17 22:57:47 39896 ----a-w- c:\windows\system32\UbiKey.dll
    2012-06-17 22:56:17 -------- d-----w- c:\program files\DreamSecurity
    2012-06-17 21:29:10 -------- d-----w- c:\users\abc\appdata\roaming\com.tfhz.air.player
    2012-06-15 15:47:30 -------- d-----w- c:\users\abc\appdata\local\{1B5AEE4B-1589-4550-89DF-D0F2B07DFE78}
    2012-06-14 01:55:13 -------- d-----w- c:\program files\TuneUp Utilities 2012
    2012-06-14 01:48:20 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-14 01:48:20 -------- d--h--w- c:\programdata\Common Files
    2012-06-14 01:34:14 -------- d-----w- c:\users\abc\appdata\roaming\Wireshark
    2012-06-14 01:01:20 -------- d-----w- c:\program files\WinPcap
    2012-06-14 01:00:47 -------- d-----w- c:\program files\Wireshark
    2012-06-12 10:09:34 -------- d-----w- c:\users\abc\appdata\local\{9C345C14-32FA-44E3-BF0E-217C3AE8C6CC}
    2012-06-12 10:09:03 -------- d-----w- c:\users\abc\appdata\local\{AC738615-5F55-4994-A8D8-4E64DFB1ED24}
    2012-06-11 22:44:03 -------- d-----w- c:\program files\LAV Filters
    2012-06-11 05:10:25 -------- d-----w- c:\users\abc\appdata\local\{EEE1F929-149C-4197-9551-0DCD26AFF15A}
    2012-06-11 05:10:05 -------- d-----w- c:\users\abc\appdata\local\{9DE28C6D-38B1-4CF4-B354-1FDFCA67155E}
    2012-06-10 21:37:38 -------- d-----w- c:\users\abc\appdata\local\{721354D2-2844-42D0-AB31-F4435C2B4B6C}
    2012-06-10 21:37:20 -------- d-----w- c:\users\abc\appdata\local\{2B1FCF07-2BA9-48F7-937A-BA79C80D5F0C}
    2012-06-08 22:17:36 -------- d-----w- c:\users\abc\appdata\local\{F505F31F-871D-4563-AA90-5B4AAEC2D2CD}
    2012-06-08 22:17:12 -------- d-----w- c:\users\abc\appdata\local\{383066ED-5FD6-4ECE-A5F7-03F80D401E85}
    2012-06-08 22:11:25 -------- d-----w- c:\users\abc\appdata\local\{D1161B74-82AA-4EB7-ADEA-50FC78833B4A}
    2012-06-08 22:11:02 -------- d-----w- c:\users\abc\appdata\local\{454C83E5-0F38-41A0-9548-B6D0605C4BFE}
    2012-06-08 21:58:40 -------- d-----w- c:\users\abc\appdata\local\{8BFAF051-4738-4C2A-8A29-31633EE205B5}
    2012-06-08 21:58:17 -------- d-----w- c:\users\abc\appdata\local\{97E292A8-00D6-4ECB-8568-04970597C97D}
    2012-06-08 20:12:10 -------- d-----w- c:\users\abc\appdata\local\{3A2799F4-FCD9-4372-B274-679E7FD6F794}
    2012-06-08 20:11:48 -------- d-----w- c:\users\abc\appdata\local\{DB2E92B5-0176-4183-B287-33DB674CEE41}
    2012-06-08 20:09:47 -------- d-----w- c:\users\abc\appdata\local\{D704EFE8-56E5-4DC4-91CF-90A64F5E5987}
    2012-06-08 20:09:24 -------- d-----w- c:\users\abc\appdata\local\{02E8258D-CB0C-4C4C-9F68-F132F94C2BE0}
    2012-06-08 15:47:40 -------- d-----w- c:\users\abc\appdata\local\{1AE509B9-4C77-45DF-8874-2AB4CAEB81B9}
    2012-06-08 15:47:22 -------- d-----w- c:\users\abc\appdata\local\{0958F1D1-B5BD-47B3-B747-2518DDEA05DB}
    .
    ==================== Find3M ====================
    .
    2012-06-22 23:37:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-22 23:37:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-01 20:42:33 256 ----a-w- c:\windows\system32\pool.bin
    2012-05-29 19:46:48 31584 ----a-w- c:\windows\system32\TURegOpt.exe
    2012-05-29 19:46:46 21344 ----a-w- c:\windows\system32\authuitu.dll
    2012-05-15 06:30:58 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-05-15 06:30:58 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-05-15 06:30:58 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-05-15 06:30:58 159232 ----a-w- c:\windows\system32\imagehlp.dll
    2012-05-04 09:59:54 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-05-03 02:54:46 42392 ----a-w- c:\windows\system32\xfcodec.dll
    2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-11 15:40:28 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2012-04-09 21:34:20 3957088 ----a-w- c:\windows\system32\GameMon.des
    2010-05-07 20:13:40 6 ----a-w- c:\program files\common files\UnInstallCompleted.tmp
    .
    ============= FINISH: 3:14:51.49 ===============
     
  5. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 24/03/2010 17:36:50
    System Uptime: 08/07/2012 03:06:37 (0 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R530/R730
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 141 GiB total, 8.822 GiB free.
    D: is FIXED (NTFS) - 141 GiB total, 14.093 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP575: 07/07/2012 19:54:55 - Windows Modules Installer
    RP576: 07/07/2012 19:56:06 - Windows Modules Installer
    RP577: 07/07/2012 19:56:56 - Windows Modules Installer
    RP578: 07/07/2012 19:57:22 - Windows Modules Installer
    RP579: 07/07/2012 19:58:10 - Windows Modules Installer
    RP580: 07/07/2012 19:58:49 - Windows Modules Installer
    RP581: 07/07/2012 19:59:24 - Windows Modules Installer
    RP582: 07/07/2012 20:01:30 - Windows Modules Installer
    RP583: 07/07/2012 20:05:49 - Windows Modules Installer
    .
    ==== Installed Programs ======================
    .
    휴대폰인증서(보관)서비스
    24hz ????
    7-Zip 9.20
    AC3Filter (remove only)
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    Adobe Shockwave Player 11.5
    Advanced SystemCare 5
    AIDA64 Extreme Edition v2.00
    Akamai NetSession Interface
    AnyPC Client
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Client Installation Program
    µTorrent
    Audiosurf
    AutoIt v3.3.6.1
    Bandisoft MPEG-1 Decoder
    BatteryLifeExtender
    Bing Bar Platform
    BitTorrent
    BlackBerry Desktop Software 7.0
    BlackBerry Device Software v4.6.1 for the BlackBerry 8520 smartphone
    Bonjour
    BS.Player FREE
    Carte 0.9.58
    Cheat Engine 6.0
    Combined Community Codec Pack 2009-09-09
    Compatibility Pack for the 2007 Office system
    Core FTP LE 2.1
    Core Temp 1.0 RC3
    Creative Element Power Tools
    Cultris II
    CyberLink DVD Suite
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink PowerDVD 8
    CyberLink PowerProducer
    CyberLink YouCam
    D3DX10
    DAEMON Tools Lite
    DAEMON Tools Toolbar
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DivX Setup
    DivXMuxGUI
    Easy Display Manager
    Easy Network Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    ESET NOD32 Antivirus
    Facebook Video Calling 1.2.0.159
    ffdshow v1.1.3562 [2010-09-07]
    FLAC 1.2.1b (remove only)
    FlashGet 3.3
    Free Audio CD Burner version 1.4.7
    Free Mp3 Wma Ogg Converter 7.1.1
    Free Studio version 5.1.4
    Free YouTube Download 2.9
    Free YouTube to MP3 Converter version 3.9.35.324
    Game Booster 3
    GamingMouse
    GDMO
    GIMP 2.6.11
    Google Chrome
    Google Earth
    Google Update Helper
    GPL MPEG-1/2 DirectShow Decoder Filter
    Haali Media Splitter
    Hide IP Platinum 3.5
    Hotspot Shield 2.53
    HP Deskjet 3050 J610 series Basic Device Software
    HxD Hex Editor version 1.7.7.0
    HyperCam 2
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    Keynote Connector
    LAV Filters 0.50.5
    League of Legends
    MagicLineMBX
    Malwarebytes Anti-Malware version 1.61.0.1400
    Marvell Miniport Driver
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft XML Parser
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    mkv2vob
    MKVtoolnix 4.3.0
    MotioninJoy ds3 driver version 0.6.0003
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Firefox 7.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NCLauncher (plaync)
    Nexon Game Manager
    NifSkope (remove only)
    Notepad++
    nProtect Netizen SVC (remove only)
    OGA Notifier 2.0.0048.0
    OGPlanet Game Launcher
    OGPlanet Game Launcher Europe
    Opera 10.63
    PHANTASY STAR ONLINE 2
    Protected Folder
    ProxyCap
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Safari
    Samsung Recovery Solution 4
    Samsung Support Center
    Samsung Update Plus
    SamsungMovie
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Skype Click to Call
    Skype™ 5.8
    Smart Defrag 2
    Speeditup Free 4.90
    System Requirements Lab
    System Requirements Lab for Intel
    The Core Media Player 4.0
    The KMPlayer (remove only)
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    Ubisoft Game Launcher
    Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP
    Unity Web Player
    Unlocker 1.9.0
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    User Guide
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 1.0.1
    VMware Workstation
    Windows Driver Package - Blaze (HidUsb) HIDClass (03/08/2010 1.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinHex
    WinPcap 4.1.2
    WinRAR archiver
    Wireshark 1.6.8 (32-bit)
    Wolfenstein - Enemy Territory
    XChat 2 (remove only)
    Xfire (remove only)
    Xfire Plus: Music Plugin
    XfireXO Toolbar
    Yu-Gi-Oh! ONLINE 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    08/07/2012 03:09:06, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    08/07/2012 03:08:07, Error: Service Control Manager [7001] -
    08/07/2012 03:07:43, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    07/07/2012 20:40:24, Error: volmgr [46] - Crash dump initialization failed!
    07/07/2012 18:32:53, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user abc-PC\Guest SID (S-1-5-21-1871111397-3539990770-1974983793-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    06/07/2012 12:51:54, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================
     
  6. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 07-07-2012 03
    Ran by SYSTEM at 08-07-2012 03:03:58
    Running from H:\
    Windows 7 Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
    HKLM\...\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
    HKLM\...\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
    HKLM\...\Run: [APLangApp] "C:\Program Files\AnyPC Client\APLangApp.exe" [13312 2009-10-20] (DoctorSoft)
    HKLM\...\Run: [fsn] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe [137792 2010-03-25] ()
    HKLM\...\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" [17408 2010-07-04] ()
    HKLM\...\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [243544 2010-03-24] (Microsoft Corp.)
    HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8120864 2009-12-14] (Realtek Semiconductor)
    HKLM\...\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe" [253650 2006-11-20] ()
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [GamingMouse] C:\Program Files\GamingMouse\hid.exe [240640 2010-07-16] ()
    HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [138008 2011-10-13] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [171288 2011-10-13] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [172824 2011-10-13] (Intel Corporation)
    HKLM\...\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\pcapui.exe [1441792 2012-02-17] (Proxy Labs)
    HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
    HKU\Guest\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
    HKU\Guest\...\Run: [frdepbt] "c:\users\abc\appdata\local\frdepbt.exe" frdepbt [x]
    HKU\Guest\...\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI [2275328 2008-06-09] (MicroSmarts LLC.)
    HKU\Guest\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Guest\...\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini [112400 2011-09-13] (www.motioninjoy.com)
    HKU\Guest\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
    HKU\Guest\...\Run: [Akamai NetSession Interface] "C:\Users\abc\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
    HKU\Guest\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [x]
    HKU\Guest\...\Run: [Facebook Update] "C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-05-27] (Facebook Inc.)
    HKU\abc\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-20] (BitTorrent, Inc.)
    HKU\abc\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
    HKU\abc\...\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI [2275328 2008-06-09] (MicroSmarts LLC.)
    HKU\abc\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
    HKU\abc\...\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini [112400 2011-09-13] (www.motioninjoy.com)
    HKU\abc\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
    HKU\abc\...\Run: [Akamai NetSession Interface] "C:\Users\abc\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
    HKU\abc\...\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [620376 2011-12-29] (IObit)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\abc\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk
    ShortcutTarget: Creative Element Power Tools Startup.lnk -> C:\Program Files\Creative Element Power Tools\Startup.exe (Creative Element)
    Startup: C:\Users\abc\Start Menu\Programs\Startup\Xfire.lnk
    ShortcutTarget: Xfire.lnk -> C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
    ================================ Services (Whitelisted) ==================
    2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [497496 2011-12-29] (IObit)
    3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [33560 2010-02-22] (ESET)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [810120 2010-02-22] (ESET)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-10] ()
    2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [363336 2011-11-15] (AnchorFree Inc.)
    3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-10] ()
    2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-04-02] ()
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    3 npggsvc; C:\windows\system32\GameMon.des -service [3957088 2012-04-09] (INCA Internet Co., Ltd.)
    2 nPStarterSVC; C:\windows\system32\nPStarterSVC.exe [250145 2010-05-25] (INCA Internet Co., Ltd.)
    3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
    3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
    2 pcapsvc; "C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe" [1372160 2012-02-17] (Proxy Labs)
    2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [75064 2010-07-23] ()
    2 PnkBstrB; C:\windows\system32\PnkBstrB.exe [214816 2010-08-04] ()
    2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-07] ()
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-28] (Skype Technologies)
    2 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe" [1528672 2012-05-29] (TuneUp Software)
    2 VMnetDHCP; C:\windows\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.)
    2 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [563760 2010-01-22] (VMware, Inc.)
    2 VMware NAT Service; C:\windows\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.)
    2 Akamai; c:\program files\common files\akamai/netsession_win_80c2ffa.dll [x]
    2 AMService; C:\windows\TEMP\eulejr\setup.exe run [x]
    2 datunidr; C:\Windows\System32\dlaboiom.dll [x]
    2 hpqcxs08; C:\Windows\System32\odserv.dll [x]
    2 imagedrv; C:\Windows\System32\wstcodec.dll [x]
    2 irmon; C:\Windows\System32\vrmonsvc.dll [x]
    3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
    3 ufad-ws60; "C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml [x]
    2 VMAuthdService; "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" [x]
    ========================== Drivers (Whitelisted) =============
    1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-02-08] (DT Soft Ltd)
    2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133512 2010-02-22] (ESET)
    1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [114984 2010-02-22] (ESET)
    2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96896 2010-02-22] (ESET)
    2 hcmon; \??\C:\windows\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.)
    3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [37376 2012-04-11] (AnchorFree Inc.)
    3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [127488 2010-03-14] (Intel(R) Corporation)
    3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
    3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
    3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-11-11] (McAfee, Inc.)
    3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-11-11] (McAfee, Inc.)
    1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-11-11] (McAfee, Inc.)
    3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-11] (McAfee, Inc.)
    3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-11] (McAfee, Inc.)
    3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [81168 2011-01-01] (MotioninJoy)
    3 msfilter; C:\Windows\System32\drivers\msfilter.sys [20864 2010-04-13] ()
    2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
    3 NPIDS; \??\C:\windows\system32\NpIdsVt.sys [47712 2010-05-13] (INCA Internet Co., Ltd.)
    3 NPPTNT2; \??\C:\windows\system32\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
    3 PnkBstrK; \??\C:\windows\system32\drivers\PnkBstrK.sys [138328 2010-08-04] ()
    3 PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [3567 2009-01-18] (Beyond Logic http://www.beyondlogic.org)
    1 SABI; \??\C:\windows\system32\Drivers\SABI.sys [10752 2009-05-27] (SAMSUNG ELECTRONICS)
    0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2010-11-26] ()
    3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
    3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-04-06] (AnchorFree Inc)
    3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
    2 vmci; \??\C:\windows\system32\Drivers\vmci.sys [70704 2010-01-22] (VMware, Inc.)
    3 vmkbd; \??\C:\windows\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.)
    3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.)
    2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36400 2010-01-22] (VMware, Inc.)
    2 VMnetuserif; \??\C:\windows\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.)
    3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2010-01-22] (VMware, Inc.)
    2 vmx86; \??\C:\windows\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.)
    2 windrvNT; \??\C:\windows\system32\windrvNT.sys [35363 2010-07-14] ()
    2 WinFLdrv; C:\Windows\System32\WinFLdrv.sys [17984 2010-07-14] ()
    3 WinVd32; \??\C:\windows\system32\WinVd32.sys [180224 2010-07-14] ()
    3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)
    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [322336 2010-02-15] (Marvell)
    3 ALSysIO; \??\C:\Users\abc\AppData\Local\Temp\ALSysIO.sys [x]
    1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [x]
    3 EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys [x]
    3 EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys [x]
    2 vstor2-ws60; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [x]
    3 vtany; \??\C:\windows\vtany.sys [x]
    3 XDva346; \??\C:\windows\system32\XDva346.sys [x]
    3 XDva347; \??\C:\windows\system32\XDva347.sys [x]
    3 XDva349; \??\C:\windows\system32\XDva349.sys [x]
    3 XDva370; \??\C:\windows\system32\XDva370.sys [x]
    3 XDva375; \??\C:\windows\system32\XDva375.sys [x]
    3 XDva380; \??\C:\windows\system32\XDva380.sys [x]
    3 XDva385; \??\C:\windows\system32\XDva385.sys [x]
    3 XDva387; \??\C:\windows\system32\XDva387.sys [x]
    3 XDva388; \??\C:\windows\system32\XDva388.sys [x]
    3 XDva389; \??\C:\windows\system32\XDva389.sys [x]
    3 XDva390; \??\C:\windows\system32\XDva390.sys [x]
    3 XDva391; \??\C:\windows\system32\XDva391.sys [x]
    3 XDva393; \??\C:\windows\system32\XDva393.sys [x]
    3 XDva394; \??\C:\windows\system32\XDva394.sys [x]
    3 xhunter1; \??\C:\windows\xhunter1.sys [x]
    ========================== NetSvcs (Whitelisted) ===========
    NETSVC: imagedrv -> C:\Windows\system32\wstcodec.dll ==> No File.
    NETSVC: tmactmon -> No Registry Path.
    NETSVC: SE2Bbus -> No Registry Path.
    NETSVC: epgspooler -> No Registry Path.
    NETSVC: awlegacy -> No Registry Path.
    NETSVC: GENERICDRV -> No Registry Path.
    NETSVC: icdsptsv -> No Registry Path.
    NETSVC: lyncusbserv -> No Registry Path.
    NETSVC: WD_FireWire_HID -> No Registry Path.
    NETSVC: STV680 -> No Registry Path.
    NETSVC: ScFBPNT2 -> No Registry Path.
    NETSVC: tbaspi -> No Registry Path.
    NETSVC: lxce_device -> No Registry Path.
    NETSVC: vetfddnt -> No Registry Path.
    NETSVC: zebrsce -> No Registry Path.
    NETSVC: oracle_load_balancer_60_server-forms6ip14 -> No Registry Path.
    NETSVC: bmwebcfg -> No Registry Path.
    NETSVC: grmnusb -> No Registry Path.
    NETSVC: elagopro -> No Registry Path.
    NETSVC: SQTECH905C -> No Registry Path.
    NETSVC: iviVD -> No Registry Path.
    NETSVC: s117mdm -> No Registry Path.
    NETSVC: modemcsa -> No Registry Path.
    NETSVC: dlbx_device -> No Registry Path.
    NETSVC: basic2 -> No Registry Path.
    NETSVC: hpqcxs08 -> C:\Windows\system32\odserv.dll ==> No File.
    NETSVC: CiscoVpnInstallService -> No Registry Path.
    NETSVC: djsnetcn -> No Registry Path.
    NETSVC: NWADI -> No Registry Path.
    NETSVC: datunidr -> C:\Windows\system32\dlaboiom.dll ==> No File.
     
  7. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    ============ One Month Created Files and Folders ==============
    2012-07-07 17:11 - 2012-07-07 17:11 - 00607260 ____R (Swearware) C:\Users\abc\Desktop\dds.scr
    2012-07-07 17:09 - 2012-07-07 17:09 - 00000593 ____A C:\Users\abc\Desktop\gmer.log
    2012-07-07 16:54 - 2012-07-07 16:54 - 00302592 ____A C:\Users\abc\Desktop\pojybror.exe
    2012-07-07 16:23 - 2012-07-07 16:23 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-07 16:23 - 2012-07-07 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-07-07 16:23 - 2012-04-04 06:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-07 16:21 - 2012-07-07 16:22 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\abc\Downloads\mbam-setup-1.61.0.1400.exe
    2012-07-07 15:23 - 2011-02-07 09:15 - 323022919 ____A C:\Users\abc\Desktop\Full.House.E08.2004.iCEDRAMA.480p.Lynx.877593B9.mkv
    2012-07-07 15:06 - 2012-07-07 15:10 - 68798269 ____A C:\Users\abc\Downloads\Full.House.E09.2004.iCEDRAMA.480p.Lynx.zip.002
    2012-07-07 15:05 - 2012-07-07 15:14 - 209715200 ____A C:\Users\abc\Downloads\Full.House.E09.2004.iCEDRAMA.480p.Lynx.zip.001
    2012-07-07 11:50 - 2012-07-07 12:41 - 00000253 ____A C:\Users\abc\Desktop\FSS.txt
    2012-07-07 11:49 - 2012-07-07 11:49 - 00341299 ____A C:\Users\abc\Downloads\FSS.exe
    2012-07-07 11:39 - 2012-07-07 11:39 - 00003352 ____N C:\bootsqm.dat
    2012-07-06 14:34 - 2012-07-06 14:34 - 00000000 ___HD C:\Windows\PIF
    2012-07-05 08:47 - 2012-07-05 08:47 - 00000000 ____D C:\Users\abc\AppData\Local\{437C7BAC-6C4E-44FF-A0C1-3874E0050487}
    2012-07-05 08:47 - 2012-07-05 08:47 - 00000000 ____D C:\Users\abc\AppData\Local\{316DE079-8561-41E8-8C6B-8D0538722CA4}
    2012-07-03 07:02 - 2012-07-03 07:02 - 00000000 ____D C:\Users\abc\AppData\Local\{FA1BF6D0-9FD7-4F1C-B559-3858C8234786}
    2012-07-03 07:01 - 2012-07-03 07:02 - 00000000 ____D C:\Users\abc\AppData\Local\{053E49F7-DCA3-4683-84D4-D75CB5FE5CAF}
    2012-07-03 06:05 - 2012-07-03 06:05 - 00000000 ____D C:\Users\abc\AppData\Local\Macromedia
    2012-07-03 03:00 - 2012-07-03 03:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-02 22:50 - 2012-07-02 22:50 - 00000000 ____D C:\Users\abc\AppData\Local\{07A7090A-D502-484D-B74C-B8EA458005EA}
    2012-07-02 22:49 - 2012-07-02 22:50 - 00000000 ____D C:\Users\abc\AppData\Local\{DCB51446-C936-454A-9C19-10E677B52B6B}
    2012-07-01 16:50 - 2012-07-01 16:50 - 00000000 ____D C:\Users\abc\AppData\Local\{FD5DA32B-0CEC-440A-8A3F-C2E4218072BF}
    2012-06-30 07:55 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-30 07:55 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-30 07:55 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-30 07:55 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-30 07:55 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-30 07:55 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-30 07:55 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-30 07:54 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-30 07:54 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-30 07:54 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-30 07:54 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-30 07:54 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-30 07:54 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-30 07:54 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-30 07:44 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-06-30 07:44 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-30 07:44 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-30 07:44 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-30 07:44 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-30 07:44 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-30 07:44 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-30 07:44 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-30 07:44 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-30 07:44 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-30 07:44 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-06-30 07:44 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-30 07:44 - 2012-03-30 02:23 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-06-30 07:44 - 2012-03-16 23:27 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-06-30 07:43 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-30 07:41 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-06-30 07:33 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-30 07:33 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-30 07:33 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-30 07:33 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-30 07:33 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-30 07:33 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-30 07:33 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-30 07:32 - 2012-06-02 06:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-30 07:32 - 2012-06-02 06:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-29 23:37 - 2012-06-29 23:37 - 00000048 ____A C:\Users\abc\Desktop\c.txt
    2012-06-29 22:17 - 2012-06-29 22:17 - 00000000 ____D C:\Users\abc\AppData\Local\{5B5F745D-F506-45A5-B610-F2CA95822EB5}
    2012-06-28 21:32 - 2012-06-28 21:32 - 00000000 ____D C:\Users\abc\AppData\Local\{831F87B7-737E-4174-8957-42C378BC2C7D}
    2012-06-28 21:31 - 2012-06-28 21:32 - 00000000 ____D C:\Users\abc\AppData\Local\{98CBB1B6-D6DC-4A2E-9598-58B2AE521D81}
    2012-06-28 12:23 - 2012-06-28 12:23 - 00000000 ____D C:\Users\abc\AppData\Local\{1EBE06BA-4C6B-4B63-8AC3-96C7F1A85EDC}
    2012-06-27 10:27 - 2012-06-27 10:27 - 00000000 ____D C:\Users\abc\AppData\Local\{23FC9A10-8B9A-49CA-ADA3-4AD0954EC106}
    2012-06-26 16:59 - 2012-06-26 16:59 - 00000000 ____D C:\Users\abc\AppData\Local\{B373A2AF-03E3-4078-B7EE-C10686B1B56A}
    2012-06-26 16:59 - 2012-06-26 16:59 - 00000000 ____D C:\Users\abc\AppData\Local\{946E2F39-B6B2-4113-AB69-EC73492B5F00}
    2012-06-26 16:56 - 2012-06-26 16:56 - 00000000 ____A C:\Windows\System32\cd.dat
    2012-06-26 16:55 - 2012-06-26 16:55 - 00146152 ____A C:\Windows\Minidump\062712-23181-01.dmp
    2012-06-26 07:37 - 2012-06-26 07:37 - 00000000 ____D C:\Users\abc\AppData\Local\{AA99DCDC-F31E-4517-8B12-F1F1F9CA711A}
    2012-06-26 06:16 - 2012-06-26 06:16 - 00000000 ____D C:\Users\abc\AppData\Local\{7B18988A-BA62-49F2-8558-FCF0D21B6D5E}
    2012-06-25 10:23 - 2012-06-25 10:23 - 00000000 ____D C:\Users\abc\AppData\Local\{083F5444-EFCF-48D2-8EBF-4AB54A617A6B}
    2012-06-24 02:54 - 2012-06-24 02:54 - 00011109 ____A C:\Users\Guest\Downloads\veselie_kanikuly_[tfile.ru].avi.torrent
    2012-06-23 13:45 - 2012-06-23 15:28 - 00000000 ____D C:\Users\Guest\Desktop\New folder
    2012-06-23 02:38 - 2012-06-23 02:38 - 00000000 ____D C:\Users\abc\AppData\Local\{F3EE9F65-412A-4A67-AF00-60817FFFBD44}
    2012-06-23 02:38 - 2012-06-23 02:38 - 00000000 ____D C:\Users\abc\AppData\Local\{64DAE847-1049-4A5E-ABC9-A95F099CFA88}
    2012-06-23 01:11 - 2012-06-23 01:11 - 00000000 ____D C:\Users\Guest\AppData\Local\Macromedia
    2012-06-22 23:02 - 2012-06-22 23:02 - 00000000 ____D C:\Users\abc\AppData\Local\{A71CED70-26CC-4A81-BFAD-BE70695370BC}
    2012-06-22 15:43 - 2012-06-22 15:43 - 00000000 ____D C:\Users\abc\AppData\Local\{DED5C935-8FE9-4B33-B3F3-1EC0E27DBD42}
    2012-06-22 15:43 - 2012-06-22 15:43 - 00000000 ____D C:\Users\abc\AppData\Local\{26E1E661-4032-4091-A817-EDCB4B9263EF}
    2012-06-21 21:38 - 2012-06-21 21:38 - 00000000 ____D C:\Users\abc\AppData\Local\{182ECDEB-6309-4641-B1FE-8AC0511C2B60}
    2012-06-20 06:00 - 2012-06-20 06:00 - 00000000 ____D C:\Users\abc\AppData\Local\{74828AD5-A6A9-4FBB-ACA0-087501851773}
    2012-06-20 06:00 - 2012-06-20 06:00 - 00000000 ____D C:\Users\abc\AppData\Local\{0B080FC6-3815-4637-B2E9-B84D1B266162}
    2012-06-20 05:58 - 2012-03-08 09:32 - 00039272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
    2012-06-20 05:22 - 2012-06-20 05:22 - 00000000 ____D C:\Users\abc\AppData\Local\{CD08AEBB-797B-4030-B463-D7F5BD18678F}
    2012-06-20 05:22 - 2012-06-20 05:22 - 00000000 ____D C:\Users\abc\AppData\Local\{C1E36BE1-CFF8-43E0-B49D-28F250BDF07C}
    2012-06-20 04:26 - 2012-06-20 04:26 - 00000000 ____D C:\Users\abc\AppData\Local\{5026640F-C7AB-4897-A836-D9F90B8AB64F}
    2012-06-20 04:25 - 2012-06-20 04:26 - 00000000 ____D C:\Users\abc\AppData\Local\{FBE1DCF6-C9DD-4A98-8FCD-4B7876FEFDA4}
    2012-06-19 13:44 - 2012-06-19 13:44 - 00000000 ____D C:\Users\Guest\AppData\Local\ESET
    2012-06-19 01:02 - 2012-06-19 01:03 - 00000000 ____D C:\Users\abc\AppData\Local\{9A00AFC4-B8F8-4CD0-AF48-1D656BC687C3}
    2012-06-18 12:59 - 2012-06-19 01:02 - 00000000 ____D C:\Users\abc\AppData\Local\{001B426A-7AEE-464F-9187-771967E1F799}
    2012-06-17 15:09 - 2012-06-17 15:09 - 00031502 ____A C:\Users\abc\Downloads\f18t64p389n1.rar
    2012-06-17 15:07 - 2012-06-17 15:07 - 00053856 ____A C:\Users\abc\Downloads\KSSN Pack 1 By KssnGiver.rar
    2012-06-17 14:57 - 2012-06-17 14:57 - 00000000 ____D C:\Program Files\INFovine
    2012-06-17 14:57 - 2011-12-27 00:59 - 00056288 ____A ((?)????) C:\Windows\System32\VineTransfer.ocx
    2012-06-17 14:57 - 2011-12-27 00:59 - 00048104 ____A ((?)????) C:\Windows\System32\UbiKeyUninstall.exe
    2012-06-17 14:57 - 2011-12-27 00:59 - 00039904 ____A ((?)????) C:\Windows\System32\UbiKeyWin32.dll
    2012-06-17 14:57 - 2011-12-27 00:59 - 00039896 ____A ((?)????) C:\Windows\System32\UbiKey.dll
    2012-06-17 14:56 - 2012-06-17 14:56 - 00000000 ____D C:\Program Files\DreamSecurity
    2012-06-17 13:29 - 2012-06-17 13:29 - 00000000 ____D C:\Users\abc\AppData\Roaming\com.tfhz.air.player
    2012-06-17 13:28 - 2012-06-17 13:28 - 02544688 ____A (NCsoft Corporation) C:\Users\abc\Downloads\nclauncher_FULL_20120607 (1).exe
    2012-06-16 09:34 - 2012-06-16 09:35 - 00000000 ____D C:\Users\abc\Downloads\delICEr
    2012-06-15 07:47 - 2012-06-17 10:34 - 00000000 ____D C:\Users\abc\AppData\Local\{1B5AEE4B-1589-4550-89DF-D0F2B07DFE78}
    2012-06-13 23:42 - 2012-06-13 23:42 - 02544688 ____A (NCsoft Corporation) C:\Users\abc\Downloads\nclauncher_FULL_20120607.exe
    2012-06-13 17:55 - 2012-06-13 17:55 - 00000000 ____D C:\Program Files\TuneUp Utilities 2012
    2012-06-13 17:48 - 2012-06-13 17:48 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-13 17:47 - 2012-06-13 17:47 - 38136752 ____A (TuneUp Software) C:\Users\abc\Downloads\TuneUpUtilities2012_en-US.exe
    2012-06-13 17:34 - 2012-06-13 17:34 - 00000000 ____D C:\Users\abc\AppData\Roaming\Wireshark
    2012-06-13 17:01 - 2012-06-13 17:01 - 00000000 ____D C:\Program Files\WinPcap
    2012-06-13 17:00 - 2012-06-13 17:01 - 00000000 ____D C:\Program Files\Wireshark
    2012-06-13 16:58 - 2012-06-13 16:59 - 19599159 ____A (Wireshark development team) C:\Users\abc\Downloads\wireshark-win32-1.6.8.exe
    2012-06-12 14:56 - 2012-06-12 14:56 - 00019529 ____A C:\Users\abc\Downloads\[BakaBT.165705v0] [Commie] Zero no Tsukaima F.torrent
    2012-06-12 02:09 - 2012-06-12 02:09 - 00000000 ____D C:\Users\abc\AppData\Local\{AC738615-5F55-4994-A8D8-4E64DFB1ED24}
    2012-06-12 02:09 - 2012-06-12 02:09 - 00000000 ____D C:\Users\abc\AppData\Local\{9C345C14-32FA-44E3-BF0E-217C3AE8C6CC}
    2012-06-11 14:44 - 2012-06-11 14:44 - 00000000 ____D C:\Program Files\LAV Filters
    2012-06-11 14:43 - 2012-06-11 14:43 - 06580237 ____A (1f0.de ) C:\Users\abc\Downloads\LAVFilters-0.50.5.exe
    2012-06-11 01:42 - 2012-06-11 01:42 - 00023001 ____A C:\Users\abc\Downloads\%5BFinal8%5DIsekai+no+Seikishi+Monogatari+-+01-13%28BD+10-bit+1280x720+x264+AAC%29.torrent
    2012-06-10 21:10 - 2012-06-10 21:10 - 00000000 ____D C:\Users\abc\AppData\Local\{EEE1F929-149C-4197-9551-0DCD26AFF15A}
    2012-06-10 21:10 - 2012-06-10 21:10 - 00000000 ____D C:\Users\abc\AppData\Local\{9DE28C6D-38B1-4CF4-B354-1FDFCA67155E}
    2012-06-10 13:37 - 2012-06-10 13:37 - 00000000 ____D C:\Users\abc\AppData\Local\{721354D2-2844-42D0-AB31-F4435C2B4B6C}
    2012-06-10 13:37 - 2012-06-10 13:37 - 00000000 ____D C:\Users\abc\AppData\Local\{2B1FCF07-2BA9-48F7-937A-BA79C80D5F0C}
    2012-06-08 14:17 - 2012-06-08 14:17 - 00000000 ____D C:\Users\abc\AppData\Local\{F505F31F-871D-4563-AA90-5B4AAEC2D2CD}
    2012-06-08 14:17 - 2012-06-08 14:17 - 00000000 ____D C:\Users\abc\AppData\Local\{383066ED-5FD6-4ECE-A5F7-03F80D401E85}
    2012-06-08 14:11 - 2012-06-08 14:11 - 00000000 ____D C:\Users\abc\AppData\Local\{D1161B74-82AA-4EB7-ADEA-50FC78833B4A}
    2012-06-08 14:11 - 2012-06-08 14:11 - 00000000 ____D C:\Users\abc\AppData\Local\{454C83E5-0F38-41A0-9548-B6D0605C4BFE}
    2012-06-08 13:58 - 2012-06-08 13:58 - 00000000 ____D C:\Users\abc\AppData\Local\{97E292A8-00D6-4ECB-8568-04970597C97D}
    2012-06-08 13:58 - 2012-06-08 13:58 - 00000000 ____D C:\Users\abc\AppData\Local\{8BFAF051-4738-4C2A-8A29-31633EE205B5}
    2012-06-08 12:18 - 2012-06-08 12:18 - 00031953 ____A C:\Users\abc\Downloads\[BakaBT.148053v0] Majin Tantei Nougami Neuro [720p H264] - [Catchphrase - Ainex].torrent
    2012-06-08 12:12 - 2012-06-08 12:12 - 00000000 ____D C:\Users\abc\AppData\Local\{3A2799F4-FCD9-4372-B274-679E7FD6F794}
    2012-06-08 12:11 - 2012-06-08 12:12 - 00000000 ____D C:\Users\abc\AppData\Local\{DB2E92B5-0176-4183-B287-33DB674CEE41}
    2012-06-08 12:09 - 2012-06-08 12:09 - 00000000 ____D C:\Users\abc\AppData\Local\{D704EFE8-56E5-4DC4-91CF-90A64F5E5987}
    2012-06-08 12:09 - 2012-06-08 12:09 - 00000000 ____D C:\Users\abc\AppData\Local\{02E8258D-CB0C-4C4C-9F68-F132F94C2BE0}
    2012-06-08 07:47 - 2012-06-08 07:47 - 00000000 ____D C:\Users\abc\AppData\Local\{1AE509B9-4C77-45DF-8874-2AB4CAEB81B9}
    2012-06-08 07:47 - 2012-06-08 07:47 - 00000000 ____D C:\Users\abc\AppData\Local\{0958F1D1-B5BD-47B3-B747-2518DDEA05DB}
    2012-06-08 07:28 - 2012-06-28 19:20 - 00000205 ____A C:\Users\abc\Desktop\a.txt
    2012-06-08 06:56 - 2012-06-08 06:56 - 00032467 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 12 [BD 1920x1080 H264 FLAC] [2A95B660].mkv.torrent
    2012-06-08 06:55 - 2012-06-08 06:55 - 00034407 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 11 [BD 1920x1080 H264 FLAC] [14787537].mkv.torrent
    2012-06-08 06:55 - 2012-06-08 06:55 - 00027767 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 10 [BD 1920x1080 H264 FLAC] [1425D434].mkv.torrent
    2012-06-08 06:54 - 2012-06-08 06:54 - 00035267 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 08 [BD 1920x1080 H264 FLAC] [04A58265].mkv.torrent
    2012-06-08 06:54 - 2012-06-08 06:54 - 00030547 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 09 [BD 1920x1080 H264 FLAC] [08E480C1].mkv.torrent
    2012-06-08 06:53 - 2012-06-08 06:53 - 00028003 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 05 [BD 1280x720 H264 AAC] [CE8E5D1D].mkv.torrent

    ============ 3 Months Modified Files ========================
    2012-07-07 17:59 - 2010-03-24 10:31 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-07 17:45 - 2009-12-04 18:40 - 01913216 ____A C:\Windows\WindowsUpdate.log
    2012-07-07 17:38 - 2009-07-13 20:34 - 00014736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-07 17:38 - 2009-07-13 20:34 - 00014736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-07 17:34 - 2012-03-30 17:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-07 17:11 - 2012-07-07 17:11 - 00607260 ____R (Swearware) C:\Users\abc\Desktop\dds.scr
    2012-07-07 17:09 - 2012-07-07 17:09 - 00000593 ____A C:\Users\abc\Desktop\gmer.log
    2012-07-07 17:06 - 2010-06-26 12:14 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001UA.job
    2012-07-07 16:54 - 2012-07-07 16:54 - 00302592 ____A C:\Users\abc\Desktop\pojybror.exe
    2012-07-07 16:47 - 2012-01-24 19:23 - 00077908 ____A C:\Windows\PFRO.log
    2012-07-07 16:47 - 2012-01-24 19:12 - 00032360 ____A C:\Windows\setupact.log
    2012-07-07 16:47 - 2010-07-14 22:33 - 00001040 ____A C:\sccfg.sys
    2012-07-07 16:47 - 2010-03-24 10:31 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-07 16:47 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-07 16:28 - 2012-06-07 08:36 - 00000287 ____A C:\Users\abc\Desktop\e.txt
    2012-07-07 16:23 - 2012-07-07 16:23 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-07 16:22 - 2012-07-07 16:21 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\abc\Downloads\mbam-setup-1.61.0.1400.exe
    2012-07-07 15:14 - 2012-07-07 15:05 - 209715200 ____A C:\Users\abc\Downloads\Full.House.E09.2004.iCEDRAMA.480p.Lynx.zip.001
    2012-07-07 15:10 - 2012-07-07 15:06 - 68798269 ____A C:\Users\abc\Downloads\Full.House.E09.2004.iCEDRAMA.480p.Lynx.zip.002
    2012-07-07 12:41 - 2012-07-07 11:50 - 00000253 ____A C:\Users\abc\Desktop\FSS.txt
    2012-07-07 11:49 - 2012-07-07 11:49 - 00341299 ____A C:\Users\abc\Downloads\FSS.exe
    2012-07-07 11:39 - 2012-07-07 11:39 - 00003352 ____N C:\bootsqm.dat
    2012-07-07 10:47 - 2012-05-14 21:51 - 60817408 ____A C:\Windows\System32\config\software.iobit
    2012-07-07 10:47 - 2012-05-14 21:51 - 19804160 ____A C:\Windows\System32\config\system.iobit
    2012-07-07 10:47 - 2012-05-14 21:51 - 00720896 ____A C:\Windows\System32\config\default.iobit
    2012-07-07 10:47 - 2012-05-14 21:51 - 00032768 ____A C:\Windows\System32\config\security.iobit
    2012-07-07 10:47 - 2012-05-14 21:51 - 00028672 ____A C:\Windows\System32\config\sam.iobit
    2012-07-07 10:40 - 2009-07-26 12:06 - 00796888 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-07 10:34 - 2009-07-13 20:53 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-07 00:31 - 2010-06-26 12:14 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001Core.job
    2012-07-02 22:31 - 2009-07-13 20:33 - 03784248 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-30 08:04 - 2009-07-13 18:04 - 00000510 ____A C:\Windows\win.ini
    2012-06-29 23:37 - 2012-06-29 23:37 - 00000048 ____A C:\Users\abc\Desktop\c.txt
    2012-06-28 19:20 - 2012-06-08 07:28 - 00000205 ____A C:\Users\abc\Desktop\a.txt
    2012-06-26 16:56 - 2012-06-26 16:56 - 00000000 ____A C:\Windows\System32\cd.dat
    2012-06-26 16:55 - 2012-06-26 16:55 - 00146152 ____A C:\Windows\Minidump\062712-23181-01.dmp
    2012-06-24 02:54 - 2012-06-24 02:54 - 00011109 ____A C:\Users\Guest\Downloads\veselie_kanikuly_[tfile.ru].avi.torrent
    2012-06-22 15:37 - 2012-03-30 17:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-06-22 15:37 - 2011-09-03 18:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-06-17 15:09 - 2012-06-17 15:09 - 00031502 ____A C:\Users\abc\Downloads\f18t64p389n1.rar
    2012-06-17 15:07 - 2012-06-17 15:07 - 00053856 ____A C:\Users\abc\Downloads\KSSN Pack 1 By KssnGiver.rar
    2012-06-17 13:28 - 2012-06-17 13:28 - 02544688 ____A (NCsoft Corporation) C:\Users\abc\Downloads\nclauncher_FULL_20120607 (1).exe
    2012-06-15 14:12 - 2012-04-27 17:02 - 00000621 ____A C:\Users\abc\Last session abc.prj
    2012-06-13 23:42 - 2012-06-13 23:42 - 02544688 ____A (NCsoft Corporation) C:\Users\abc\Downloads\nclauncher_FULL_20120607.exe
    2012-06-13 17:47 - 2012-06-13 17:47 - 38136752 ____A (TuneUp Software) C:\Users\abc\Downloads\TuneUpUtilities2012_en-US.exe
    2012-06-13 16:59 - 2012-06-13 16:58 - 19599159 ____A (Wireshark development team) C:\Users\abc\Downloads\wireshark-win32-1.6.8.exe
    2012-06-12 14:56 - 2012-06-12 14:56 - 00019529 ____A C:\Users\abc\Downloads\[BakaBT.165705v0] [Commie] Zero no Tsukaima F.torrent
    2012-06-11 14:43 - 2012-06-11 14:43 - 06580237 ____A (1f0.de ) C:\Users\abc\Downloads\LAVFilters-0.50.5.exe
    2012-06-11 01:42 - 2012-06-11 01:42 - 00023001 ____A C:\Users\abc\Downloads\%5BFinal8%5DIsekai+no+Seikishi+Monogatari+-+01-13%28BD+10-bit+1280x720+x264+AAC%29.torrent
    2012-06-08 12:18 - 2012-06-08 12:18 - 00031953 ____A C:\Users\abc\Downloads\[BakaBT.148053v0] Majin Tantei Nougami Neuro [720p H264] - [Catchphrase - Ainex].torrent
    2012-06-08 06:56 - 2012-06-08 06:56 - 00032467 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 12 [BD 1920x1080 H264 FLAC] [2A95B660].mkv.torrent
    2012-06-08 06:55 - 2012-06-08 06:55 - 00034407 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 11 [BD 1920x1080 H264 FLAC] [14787537].mkv.torrent
    2012-06-08 06:55 - 2012-06-08 06:55 - 00027767 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 10 [BD 1920x1080 H264 FLAC] [1425D434].mkv.torrent
    2012-06-08 06:54 - 2012-06-08 06:54 - 00035267 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 08 [BD 1920x1080 H264 FLAC] [04A58265].mkv.torrent
    2012-06-08 06:54 - 2012-06-08 06:54 - 00030547 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 09 [BD 1920x1080 H264 FLAC] [08E480C1].mkv.torrent
    2012-06-08 06:53 - 2012-06-08 06:53 - 00028003 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 05 [BD 1280x720 H264 AAC] [CE8E5D1D].mkv.torrent
    2012-06-07 16:11 - 2012-06-07 16:11 - 00036227 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 07 [BD 1920x1080 H264 FLAC] [4334E9CE].mkv.torrent
    2012-06-07 16:09 - 2012-06-07 16:09 - 00035767 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 06 [BD 1920x1080 H264 FLAC] [32785C71].mkv.torrent
    2012-06-07 16:07 - 2012-06-07 16:07 - 00035947 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 05 [BD 1920x1080 H264 FLAC] [3339E03C].mkv.torrent
    2012-06-07 16:04 - 2012-06-07 16:04 - 00018183 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 04 [BD 1920x1080 H264 FLAC] [2019D88A].mkv.torrent
    2012-06-07 15:41 - 2012-06-07 15:41 - 00017963 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 03 [BD 1920x1080 H264 FLAC] [6879531B].mkv (1).torrent
    2012-06-07 15:12 - 2012-06-07 14:56 - 98902081 ____A C:\Users\abc\Downloads\[Hiryuu]_Freezing_SP01_[BD_1280x720_H264_AAC]_[079A17CA].mkv
    2012-06-07 14:49 - 2012-06-07 14:49 - 00017963 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 03 [BD 1920x1080 H264 FLAC] [6879531B].mkv.torrent
    2012-06-07 14:46 - 2012-06-07 14:35 - 116039878 ____A C:\Users\abc\Downloads\[Hiryuu]_Freezing_SP02_[BD_1280x720_H264_AAC]_[24DD04E9].mkv
    2012-06-07 14:29 - 2012-06-07 14:29 - 00015480 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing SP01 [BD 1280x720 H264 AAC] [079A17CA].mkv.torrent
    2012-06-07 06:28 - 2012-06-07 06:28 - 00015760 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 02 [BD 1280x720 H264 AAC] [7462F0C4].mkv.torrent
    2012-06-07 04:13 - 2012-06-07 04:13 - 00015988 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 01 [BD 1280x720 H264 AAC] [4B45F0E3].mkv [h33t].torrent
    2012-06-07 04:11 - 2012-06-07 04:11 - 00015988 ____A C:\Users\abc\Downloads\[kat.ph]hiryuu.freezing.01.bd.1280x720.h264.aac.4b45f0e3.mkv.torrent
    2012-06-07 04:11 - 2012-06-07 04:11 - 00015988 ____A C:\Users\abc\Downloads\[kat.ph]hiryuu.freezing.01.bd.1280x720.h264.aac.4b45f0e3.mkv (1).torrent
    2012-06-07 03:50 - 2012-06-07 03:50 - 00015700 ____A C:\Users\abc\Downloads\[Hiryuu] Freezing 01 [BD 1280x720 H264 AAC] [4B45F0E3].mkv.torrent
    2012-06-03 14:35 - 2010-03-26 20:09 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-02 14:19 - 2012-06-30 07:33 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-30 07:33 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-30 07:33 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-30 07:33 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-30 07:33 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-30 07:33 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-30 07:33 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 06:19 - 2012-06-30 07:32 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 06:12 - 2012-06-30 07:32 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 12:59 - 2012-06-01 11:06 - 00000616 ____A C:\Users\Guest\AppData\Roaming\Rim.Transcoder.Exception.log
    2012-06-01 12:59 - 2012-06-01 11:06 - 00000616 ____A C:\Users\Guest\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2012-06-01 12:59 - 2012-06-01 11:06 - 00000231 ____A C:\Users\Guest\AppData\Roaming\Rim.Desktop.Exception.log
    2012-06-01 12:42 - 2012-06-01 12:42 - 00000256 ____A C:\Windows\System32\pool.bin
    2012-06-01 12:19 - 2012-06-01 11:04 - 00003156 ____A C:\Users\abc\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2012-06-01 11:10 - 2012-06-01 11:10 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_01007.Wdf
    2012-06-01 11:05 - 2012-06-01 11:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_01007.Wdf
    2012-05-29 11:46 - 2012-02-05 01:18 - 00021344 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll
    2012-05-29 11:46 - 2011-07-03 15:03 - 00031584 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe
    2012-05-27 10:20 - 2012-05-27 10:20 - 00493520 ____A (Facebook Inc.) C:\Users\Guest\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
    2012-05-26 14:33 - 2012-05-26 14:33 - 00121512 ____A C:\Users\abc\Downloads\DB9208970943B9442F1EBD0FB4F6F25708E18AE9.torrent
    2012-05-25 17:08 - 2012-05-25 17:08 - 00012510 ____A C:\Users\abc\Downloads\RustyHearts_PWE_Setup_20111107_v5.exe.torrent
    2012-05-24 03:17 - 2012-05-24 03:17 - 00014748 ____A C:\Users\abc\Downloads\hana_yori_dango_final_2008_movie_sd[sars].avi.torrent
    2012-05-23 16:24 - 2010-10-23 16:03 - 00008704 ____A C:\Users\abc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-05-22 04:39 - 2012-05-22 04:39 - 00020276 ____A C:\Users\abc\Downloads\[BakaBT.165741v2] Phi Brain - Kami no Puzzle.torrent
    2012-05-22 03:39 - 2012-05-22 03:39 - 06290208 ____A C:\Users\abc\Downloads\HSS-2.53-install-anchorfree-247-conduit3.exe
    2012-05-22 03:34 - 2012-05-22 03:34 - 00272200 ____A C:\Users\abc\Downloads\DM-247.exe
    2012-05-22 03:21 - 2012-05-22 03:21 - 00674682 ____A C:\Users\abc\Downloads\vpnautoconnect.zip
    2012-05-21 07:13 - 2012-05-21 07:13 - 02428210 ____A C:\Users\abc\Downloads\HideIPVPN-v1.0.0.4-install.exe
    2012-05-17 15:11 - 2012-06-30 07:54 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 14:48 - 2012-06-30 07:54 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 14:45 - 2012-06-30 07:54 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 14:36 - 2012-06-30 07:54 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 14:35 - 2012-06-30 07:55 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 14:35 - 2012-06-30 07:54 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 14:33 - 2012-06-30 07:54 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 14:31 - 2012-06-30 07:55 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 14:29 - 2012-06-30 07:55 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 14:29 - 2012-06-30 07:54 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 14:27 - 2012-06-30 07:55 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 14:25 - 2012-06-30 07:55 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 14:24 - 2012-06-30 07:55 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 14:20 - 2012-06-30 07:55 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-16 06:42 - 2012-05-16 06:42 - 00000981 ____A C:\Users\abc\Documents\ASPICHK_OLD.TXT
    2012-05-16 00:44 - 2012-05-16 00:44 - 00073006 ____A C:\Windows\System32\plugins.bak
    2012-05-15 21:31 - 2012-05-15 21:31 - 00015524 ____A C:\Users\abc\Downloads\[kat.ph]final.fantasy.viii.psx.torrent
    2012-05-15 02:51 - 2012-05-15 02:51 - 00008523 ____A C:\Users\abc\Downloads\dsp.zip
    2012-05-15 02:37 - 2012-05-15 02:37 - 04688861 ____A C:\Users\abc\Downloads\Dolphin-win-x86-v3.0-636.7z
    2012-05-14 22:30 - 2012-05-14 22:30 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-05-14 22:30 - 2012-05-14 22:30 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-05-14 22:30 - 2012-05-14 22:30 - 00019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-05-14 22:30 - 2012-05-14 22:30 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-05-14 17:05 - 2012-06-30 07:43 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-08 00:44 - 2012-05-08 00:44 - 00046862 ____A C:\Users\abc\Downloads\[Exiled-Destiny]_Fruits_Basket.4372321.TPB.torrent
    2012-05-08 00:32 - 2012-05-08 00:32 - 00046749 ____A C:\Users\abc\Downloads\[isoHunt] aec26d694efa50f15fdc0bb9584b6bf0ac44aeaa.torrent
    2012-05-08 00:15 - 2012-05-08 00:15 - 00032643 ____A C:\Users\abc\Downloads\[a4e]Fruits_Basket_01-26.torrent
    2012-05-06 13:34 - 2012-05-06 13:34 - 00019130 ____A C:\Users\abc\Downloads\[GotWoot] Mirai Nikki (complete).torrent
    2012-05-04 01:59 - 2012-06-30 07:44 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-02 18:54 - 2012-05-02 18:54 - 00042392 ____A C:\Windows\System32\xfcodec.dll
    2012-04-30 20:44 - 2012-06-30 07:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:17 - 2012-06-30 07:44 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 17:10 - 2012-04-27 17:09 - 00718172 ____A C:\Users\abc\Downloads\Windows6.1-KB917607-x64.msu
    2012-04-27 16:59 - 2012-04-27 16:59 - 01753837 ____A C:\Users\abc\Downloads\winhex.zip
    2012-04-27 16:55 - 2012-04-24 23:38 - 00176502 ____A C:\Users\abc\Downloads\pso2_closedbeta_text.rar
    2012-04-25 20:45 - 2012-06-30 07:44 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 20:45 - 2012-06-30 07:44 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 20:41 - 2012-06-30 07:44 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 23:33 - 2012-04-24 23:33 - 00001296 ____A C:\Users\abc\Desktop\PHANTASY STAR ONLINE 2.lnk
    2012-04-24 21:41 - 2012-04-24 21:32 - 00001180 ____A C:\Users\abc\Desktop\Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP.lnk
    2012-04-24 21:30 - 2012-04-24 21:29 - 04375552 ____A C:\Users\abc\Downloads\patch1.009.exe
    2012-04-24 21:30 - 2012-04-24 21:29 - 04371876 ____A C:\Users\abc\Downloads\patch1.009_eng.exe
    2012-04-24 21:27 - 2012-04-24 21:25 - 16186223 ____A (MicSoft) C:\Users\abc\Downloads\patch2.008.exe
    2012-04-24 21:19 - 2012-04-24 21:19 - 01920968 ____A C:\Users\abc\Downloads\WindomXP v2.008 [Full-Eng][Spyral][13-02-2011].rar
    2012-04-24 21:15 - 2012-04-24 21:15 - 01877806 ____A C:\Users\abc\Downloads\WindomXP v2.004 [Full-Eng][Spyral] 17-10-2010.rar
    2012-04-23 20:36 - 2012-06-30 07:44 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 20:36 - 2012-06-30 07:44 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-30 07:44 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-19 12:18 - 2012-04-19 12:18 - 00033005 ____A C:\Users\abc\Downloads\[Commie] Persona 4.torrent
    2012-04-17 05:45 - 2012-04-17 05:45 - 00075250 ____A C:\Users\abc\Downloads\[a-S] Full Metal Panic! (01-24) (1080p).torrent
    2012-04-16 12:12 - 2012-04-16 12:12 - 00002497 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-04-16 08:16 - 2012-04-16 08:15 - 00028614 ____A C:\Users\abc\Downloads\[BakaBT.149498v5] Skip Beat.torrent
    2012-04-15 11:31 - 2012-04-15 11:31 - 00025427 ____A C:\Users\abc\Downloads\[BakaBT.163330v0] Angel Beats! [Doki] (Hi10P 720p).torrent
    2012-04-11 07:40 - 2012-04-11 07:40 - 00037376 ____A (AnchorFree Inc.) C:\Windows\System32\Drivers\HssDrv.sys
    2012-04-10 12:39 - 2012-04-10 12:39 - 00000000 ____A C:\Windows\System32\pcapsvc.log
    ZeroAccess:
    C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}
    C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\@
    C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\L
    C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U
    C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U\00000001.@
    C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U\80000000.@
    C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U\800000cb.@
    ZeroAccess:
    C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}
    C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\@
    C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\L
    C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U
    C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U\00000001.@
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 15%
    Total physical RAM: 3004.61 MB
    Available physical RAM: 2530.51 MB
    Total Pagefile: 3000.82 MB
    Available Pagefile: 2542.23 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.7 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:141.49 GB) (Free:8.85 GB) NTFS
    2 Drive e: () (Fixed) (Total:141.5 GB) (Free:14.09 GB) NTFS
    3 Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:3.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive h: (USB2) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3824 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 15 GB 1024 KB
    Partition 2 Primary 100 MB 15 GB
    Partition 3 Primary 141 GB 15 GB
    Partition 4 Primary 141 GB 156 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F RECOVERY NTFS Partition 15 GB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 141 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 141 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3820 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H USB2 FAT32 Removable 3820 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-06-29 05:31
    ======================= End Of Log ==========================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log it makes (Search.txt) in your reply.
     
  9. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    Farbar Recovery Scan Tool Version: 07-07-2012 03
    Ran by SYSTEM at 2012-07-08 04:00:21
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    === End Of Search ===
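
The comparison this Search.txt log supports, as an added example that is not part of the original posts and is not FRST's own code: parse the log, then check each live copy of a file against the copies FRST found under winsxs. The function and class names are hypothetical; the sample input is the log body exactly as posted above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: the Search.txt body posted in this thread (paths and MD5s as posted).
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# A result is two lines: the full path, then "[created] - [modified] - size attrs (company) MD5".
PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>.*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int
    md5: str


@dataclass(frozen=True)
class Finding:
    path: str
    md5: str
    verdict: str         # "match", "MISMATCH" or "no-reference"
    same_metadata: bool  # size and both timestamps equal those of a winsxs copy


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = META_RE.match(line)
        if m and pending_path:
            entries.append(Entry(pending_path, m["created"], m["modified"],
                                 int(m["size"]), m["md5"].upper()))
            pending_path = None
    return entries


def compare_to_component_store(entries):
    """Compare every copy outside winsxs with the winsxs copies of the same file name."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e.path.rsplit("\\", 1)[-1].lower()].append(e)

    findings = []
    for group in by_name.values():
        store = [e for e in group if "\\winsxs\\" in e.path.lower()]
        for live in (e for e in group if e not in store):
            if not store:
                verdict = "no-reference"
            elif any(s.md5 == live.md5 for s in store):
                # winsxs can hold several builds; matching any one of them is enough.
                verdict = "match"
            else:
                verdict = "MISMATCH"
            same_meta = any(
                (s.size, s.created, s.modified) == (live.size, live.created, live.modified)
                for s in store
            )
            findings.append(Finding(live.path, live.md5, verdict, same_meta))
    return findings


if __name__ == "__main__":
    for f in compare_to_component_store(parse_search_log(SEARCH_LOG)):
        note = " (size and timestamps identical to a winsxs copy)" if f.same_metadata else ""
        print(f"{f.verdict:12} {f.md5} {f.path}{note}")
```

On this log the System32 copy is reported as a mismatch even though its size and both timestamps equal the winsxs copy's, so only the hash distinguishes the two files.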
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  11. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    Sorry ComboFix took some time to finish.



    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 07-07-2012 03
    Ran by SYSTEM at 2012-07-08 04:38:41 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\frdepbt Value not found.
    AMService service not found.
    C:\Windows\Installer\{01829c48-43ff-ed99-10a9-8819c8a86cd2} not found.
    C:\Users\abc\AppData\Local\{01829c48-43ff-ed99-10a9-8819c8a86cd2} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  12. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    ComboFix 12-07-07.04 - abc 08/07/2012 5:13.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3005.1899 [GMT 1:00]
    Running from: c:\users\abc\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Microsoft
    c:\programdata\DynuEncrypt.dll
    c:\programdata\FullRemove.exe
    c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{10C15200-9989-4934-A35E-A6707EBBEB31}.xps
    c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{270E492D-F0B4-4CEB-AF8A-F2A167BEF76D}.xps
    c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{39B21D29-65DD-4C9C-A880-D7CB965C038A}.xps
    c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ACAC4B54-1EF8-47AC-BE36-C43A4841F30C}.xps
    c:\users\Guest\AppData\Roaming\Ecyn
    c:\users\Guest\AppData\Roaming\Ecyn\yryv.obb
    c:\users\abc\AppData\Local\frdepbt.dat
    c:\users\abc\AppData\Local\frdepbt_nav.dat
    c:\users\abc\AppData\Local\frdepbt_navps.dat
    c:\users\abc\AppData\Local\nffee.dat
    c:\users\abc\AppData\Local\nffee_nav.dat
    c:\users\abc\AppData\Local\nffee_navps.dat
    c:\users\abc\AppData\Roaming\.#
    c:\windows\$NtUninstallKB63888$
    c:\windows\$NtUninstallKB63888$\2081425448
    c:\windows\$NtUninstallKB63888$\671080047\@
    c:\windows\$NtUninstallKB63888$\671080047\cfg.ini
    c:\windows\$NtUninstallKB63888$\671080047\Desktop.ini
    c:\windows\$NtUninstallKB63888$\671080047\L\xadqgnnk
    c:\windows\$NtUninstallKB63888$\671080047\oemid
    c:\windows\$NtUninstallKB63888$\671080047\U\00000001.@
    c:\windows\$NtUninstallKB63888$\671080047\U\00000002.@
    c:\windows\$NtUninstallKB63888$\671080047\U\00000004.@
    c:\windows\$NtUninstallKB63888$\671080047\U\80000000.@
    c:\windows\$NtUninstallKB63888$\671080047\U\80000004.@
    c:\windows\$NtUninstallKB63888$\671080047\U\80000032.@
    c:\windows\$NtUninstallKB63888$\671080047\version
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\uxt17B7.tmp
    C:\Windupdt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-08 11:03 . 2012-07-08 11:03 -------- d-----w- C:\FRST
    2012-07-08 04:31 . 2012-07-08 04:31 -------- d-----w- C:\microsoft
    2012-07-08 04:29 . 2012-07-08 04:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-07-08 04:29 . 2012-07-08 04:34 -------- d-----w- c:\users\abc\AppData\Local\temp
    2012-07-08 04:29 . 2012-07-08 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-08 04:11 . 2012-07-08 04:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B128E9C1-1546-4AB3-AC6D-E21DD62E0180}\offreg.dll
    2012-07-08 00:23 . 2012-07-08 00:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-08 00:23 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-06 22:34 . 2012-07-06 22:34 -------- d--h--w- c:\windows\PIF
    2012-07-03 14:05 . 2012-07-03 14:05 -------- d-----w- c:\users\abc\AppData\Local\Macromedia
    2012-07-03 11:00 . 2012-07-03 11:00 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-30 16:11 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B128E9C1-1546-4AB3-AC6D-E21DD62E0180}\mpengine.dll
    2012-06-30 15:55 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-30 15:55 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2012-06-30 15:55 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2012-06-30 15:55 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2012-06-30 15:55 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-30 15:55 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-30 15:54 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
    2012-06-30 15:54 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-30 15:54 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2012-06-30 15:54 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
    2012-06-30 15:54 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-30 15:43 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
    2012-06-30 15:41 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-06-30 15:33 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-30 15:33 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-30 15:33 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-30 15:33 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-30 15:33 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-30 15:33 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-30 15:33 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-30 15:32 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-30 15:32 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-30 13:03 . 2012-06-30 13:04 -------- d-----w- c:\program files\Core Temp
    2012-06-23 09:11 . 2012-06-23 09:11 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia
    2012-06-20 13:58 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-06-20 13:57 . 2012-06-20 13:57 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\93bc8c7c1cd4eec01\MeshBetaRemover.exe
    2012-06-19 21:44 . 2012-06-19 21:44 -------- d-----w- c:\users\Guest\AppData\Local\ESET
    2012-06-17 22:57 . 2012-06-17 22:57 -------- d-----w- c:\program files\INFovine
    2012-06-17 22:57 . 2011-12-27 08:59 56288 ----a-w- c:\windows\system32\VineTransfer.ocx
    2012-06-17 22:57 . 2011-12-27 08:59 48104 ----a-w- c:\windows\system32\UbiKeyUninstall.exe
    2012-06-17 22:57 . 2011-12-27 08:59 39896 ----a-w- c:\windows\system32\UbiKey.dll
    2012-06-17 22:57 . 2011-12-27 08:59 39904 ----a-w- c:\windows\system32\UbiKeyWin32.dll
    2012-06-17 22:56 . 2012-06-17 22:56 -------- d-----w- c:\program files\DreamSecurity
    2012-06-17 21:29 . 2012-06-17 21:29 -------- d-----w- c:\users\abc\AppData\Roaming\com.tfhz.air.player
    2012-06-14 01:55 . 2012-06-14 01:55 -------- d-----w- c:\program files\TuneUp Utilities 2012
    2012-06-14 01:48 . 2012-06-14 01:48 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-06-14 01:48 . 2012-06-14 01:48 -------- d--h--w- c:\programdata\Common Files
    2012-06-14 01:34 . 2012-06-14 01:34 -------- d-----w- c:\users\abc\AppData\Roaming\Wireshark
    2012-06-14 01:01 . 2012-06-14 01:01 -------- d-----w- c:\program files\WinPcap
    2012-06-14 01:00 . 2012-06-14 01:01 -------- d-----w- c:\program files\Wireshark
    2012-06-11 22:44 . 2012-06-11 22:44 -------- d-----w- c:\program files\LAV Filters
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-22 23:37 . 2012-03-31 01:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-22 23:37 . 2011-09-04 02:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-29 19:46 . 2011-07-03 23:03 31584 ----a-w- c:\windows\system32\TURegOpt.exe
    2012-05-29 19:46 . 2012-02-05 09:18 21344 ----a-w- c:\windows\system32\authuitu.dll
    2012-05-15 06:30 . 2012-05-15 06:30 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-05-15 06:30 . 2012-05-15 06:30 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-05-15 06:30 . 2012-05-15 06:30 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-05-15 06:30 . 2012-05-15 06:30 159232 ----a-w- c:\windows\system32\imagehlp.dll
    2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\system32\xfcodec.dll
    2012-04-11 15:40 . 2012-04-11 15:40 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2012-04-09 21:34 . 2012-04-25 10:31 3957088 ----a-w- c:\windows\system32\GameMon.des
    2010-05-07 20:13 . 2010-05-07 20:13 6 ----a-w- c:\program files\Common Files\UnInstallCompleted.tmp
    2007-11-06 15:19 . 2011-12-13 07:16 1162744 ----a-w- c:\program files\opera\program\plugins\mfc90u.dll
    2007-11-06 15:19 . 2011-12-13 07:16 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
    2007-11-06 15:19 . 2011-12-13 07:16 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
    2011-10-11 22:51 . 2011-04-03 11:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\XfireXO\tbXfi0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-10-18 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-10-18 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-20 880496]
    "SpeedItUpEX"="c:\program files\Speeditup Free\SpeedItUp.exe" [2008-06-09 2275328]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-09-14 112400]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
    "Akamai NetSession Interface"="c:\users\abc\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
    "APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
    "fsn"="c:\program files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe" [2010-03-25 137792]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-14 8120864]
    "Xfire Music"="c:\program files\Xfire\xfiremusic.exe" [2006-11-21 253650]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "GamingMouse"="c:\program files\GamingMouse\hid.exe" [2010-07-16 240640]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
    "ProxyCap"="c:\progra~1\PROXYL~1\ProxyCap\pcapui.exe" [2012-02-17 1441792]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Creative Element Power Tools Startup.lnk - c:\program files\Creative Element Power Tools\Startup.exe [2011-2-2 265384]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-5-3 3553176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\abc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
    "RIMBBLaunchAgent.exe"=c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 ALSysIO;ALSysIO;c:\users\abc\AppData\Local\Temp\ALSysIO.sys [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 msfilter;Blaze Gaming Mouse;c:\windows\system32\drivers\msfilter.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 NPIDS;NPIDS;c:\windows\system32\NpIdsVt.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 vtany;vtany;c:\windows\vtany.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
    R3 XDva347;XDva347;c:\windows\system32\XDva347.sys [x]
    R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
    R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
    R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
    R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
    R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
    R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
    R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
    R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
    R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
    R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
    R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]
    R3 XDva394;XDva394;c:\windows\system32\XDva394.sys [x]
    R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
    S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 nPStarterSVC;nProtect Starter;c:\windows\system32\nPStarterSVC.exe [x]
    S2 pcapsvc;ProxyCap Service;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [x]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
    S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
    S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [x]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    imagedrv
    tmactmon
    SE2Bbus
    epgspooler
    awlegacy
    GENERICDRV
    icdsptsv
    lyncusbserv
    WD_FireWire_HID
    STV680
    ScFBPNT2
    tbaspi
    lxce_device
    vetfddnt
    zebrsce
    oracle_load_balancer_60_server-forms6ip14
    bmwebcfg
    grmnusb
    elagopro
    SQTECH905C
    iviVD
    s117mdm
    modemcsa
    dlbx_device
    basic2
    hpqcxs08
    CiscoVpnInstallService
    djsnetcn
    NWADI
    datunidr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:37]
    .
    2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 18:31]
    .
    2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 18:31]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001Core.job
    - c:\users\abc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 03:48]
    .
    2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001UA.job
    - c:\users\abc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 03:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.ee/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uInternet Settings,ProxyServer = 219.223.252.137:1080
    IE: Download All By FlashGet3 - c:\users\abc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download By FlashGet3 - c:\users\abc\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\abc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\abc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    LSP: pcapwsp.dll
    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
    Trusted Zone: crunchyroll.com\www
    Trusted Zone: kuaiche.com\software
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://nprotect.plaync.co.kr/nProtect/netizen2007/ncsoft/npstarter.cab
    DPF: {BCF0F4D5-A864-4B98-BD41-72AAF2680A0C} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/pcinfo/cab/pcCheck.cab
    DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxp://auth.siren24.com/infovine/VineTransfer.cab
    DPF: {C8223F3A-1420-4245-88F2-D874FC081574} - hxxps://auth.siren24.com/MagicLineMBX/lib/MagicLineMBX.cab
    FF - ProfilePath - c:\users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\lplktduk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
    FF - prefs.js: network.proxy.ftp - 202.158.150.175
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 55111
    FF - prefs.js: network.proxy.socks - 202.158.150.175
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - 202.158.150.175
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
    URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
    URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2208)
    c:\program files\Xfire\xfire_toucan_45547.dll
    c:\program files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
    c:\program files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\vmnat.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\vmnetdhcp.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
    c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
    c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
    c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\windows\system32\conhost.exe
    c:\program files\Proxy Labs\ProxyCap\pcapui.exe
    c:\program files\Hotspot Shield\bin\openvpntray.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-08 05:44:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-08 04:44
    .
    Pre-Run: 9,334,329,344 bytes free
    Post-Run: 11,692,961,792 bytes free
    .
    - - End Of File - - 9A519CA9380AE9A9EC06D2604B8FA558
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Any current issues?

    ====================================

    Uninstall Advanced SystemCare 5.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =================================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===========================================

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    Yes, everything seems to work fine now. Firewall and defender started working again and Sirefef is removed.
    I shall uninstall Advanced System Care 5 as well, but I can't seem to be able to download OTL; the website doesn't load.
    Going to post the MBAM log in a couple of minutes when it finishes scanning.

    Thank you very much for your help!!
     
  15. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.07.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    abc :: ABC-PC [administrator]

    Protection: Enabled

    08/07/2012 06:05:35
    mbam-log-2012-07-08 (06-05-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 237072
    Time elapsed: 7 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

  17. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    Thank you, link worked.
    Here's the log:


    OTL logfile created on: 7/8/2012 8:32:15 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\abc\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.21% Memory free
    5.86 Gb Paging File | 4.23 Gb Available in Paging File | 72.10% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 141.49 Gb Total Space | 12.78 Gb Free Space | 9.03% Space Free | Partition Type: NTFS
    Drive D: | 141.50 Gb Total Space | 14.09 Gb Free Space | 9.96% Space Free | Partition Type: NTFS

    Computer Name: ABC-PC | User Name: abc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/08 20:30:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\abc\Desktop\OTL.exe
    PRC - [2012/05/29 20:46:48 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
    PRC - [2012/05/29 20:46:46 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
    PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\abc\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/05/20 11:22:54 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2012/05/03 03:54:42 | 003,553,176 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
    PRC - [2012/04/11 01:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    PRC - [2012/04/11 00:59:14 | 000,542,552 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/02 19:46:58 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2012/03/25 08:01:44 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\abc\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    PRC - [2012/02/17 14:15:02 | 001,441,792 | ---- | M] (Proxy Labs) -- C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe
    PRC - [2012/02/17 14:15:00 | 001,372,160 | ---- | M] (Proxy Labs) -- C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
    PRC - [2011/11/15 19:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2011/09/14 08:22:36 | 000,112,400 | ---- | M] (www.motioninjoy.com) -- C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
    PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/07/16 16:37:58 | 000,240,640 | ---- | M] () -- C:\Program Files\GamingMouse\hid.exe
    PRC - [2010/05/25 14:44:34 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npstartersvc.exe
    PRC - [2010/05/25 14:43:52 | 000,213,279 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npnj5Agent.exe
    PRC - [2010/02/22 16:50:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2010/02/22 16:49:56 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2010/01/22 22:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
    PRC - [2010/01/22 22:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
    PRC - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    PRC - [2009/10/26 12:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    PRC - [2009/10/07 02:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2006/11/21 03:12:50 | 000,253,650 | ---- | M] () -- C:\Program Files\Xfire\xfiremusic.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/03 07:35:06 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/07/03 07:34:54 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/15 09:14:01 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
    MOD - [2012/05/15 09:13:41 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/15 09:13:36 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/15 09:13:16 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/04/11 01:05:10 | 000,009,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
    MOD - [2012/04/11 01:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    MOD - [2011/10/14 21:54:53 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/11/08 16:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/07/16 16:37:58 | 000,240,640 | ---- | M] () -- C:\Program Files\GamingMouse\hid.exe
    MOD - [2010/07/04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
    MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2006/11/21 03:12:50 | 000,253,650 | ---- | M] () -- C:\Program Files\Xfire\xfiremusic.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vrmonsvc.dll -- (irmon)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wstcodec.dll -- (imagedrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\odserv.dll -- (hpqcxs08)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlaboiom.dll -- (datunidr)
    SRV - [2012/07/03 23:56:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/23 00:37:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/05/30 00:01:11 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
    SRV - [2012/05/29 20:46:46 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2012/04/11 01:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
    SRV - [2012/04/11 00:59:14 | 000,542,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
    SRV - [2012/04/09 22:34:20 | 003,957,088 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/04/02 19:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/17 14:15:00 | 001,372,160 | ---- | M] (Proxy Labs) [Auto | Running] -- C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe -- (pcapsvc)
    SRV - [2011/11/15 19:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/06/29 03:01:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/05/25 14:44:34 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Windows\System32\npstartersvc.exe -- (nPStarterSVC)
    SRV - [2010/02/22 16:52:52 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2010/02/22 16:50:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2010/01/22 22:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
    SRV - [2010/01/22 22:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\xhunter1.sys -- (xhunter1)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva394.sys -- (XDva394)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva393.sys -- (XDva393)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva391.sys -- (XDva391)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva390.sys -- (XDva390)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva389.sys -- (XDva389)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva388.sys -- (XDva388)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva387.sys -- (XDva387)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva385.sys -- (XDva385)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva380.sys -- (XDva380)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva375.sys -- (XDva375)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva370.sys -- (XDva370)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva349.sys -- (XDva349)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva347.sys -- (XDva347)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva346.sys -- (XDva346)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\vtany.sys -- (vtany)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\abc\AppData\Local\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [File_System | System | Stopped] -- System32\Drivers\dfsc.sys -- (DfsC)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\abc\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\abc\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
    DRV - [2012/05/08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2012/04/11 16:40:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
    DRV - [2012/04/06 19:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2011/07/01 10:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2011/03/23 17:20:32 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
    DRV - [2011/02/09 05:12:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/01/01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV - [2010/11/26 19:02:22 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/08/04 23:07:07 | 000,138,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK)
    DRV - [2010/07/15 07:33:44 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)
    DRV - [2010/07/15 07:17:22 | 000,180,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\WinVd32.sys -- (WinVd32)
    DRV - [2010/07/15 07:17:15 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\windows\System32\WinFLdrv.sys -- (WinFLdrv)
    DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2010/05/13 15:55:18 | 000,047,712 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\NPIdsVt.sys -- (NPIDS)
    DRV - [2010/04/13 13:17:52 | 000,020,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msfilter.sys -- (msfilter)
    DRV - [2010/03/15 08:44:48 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2010/02/22 16:51:16 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV - [2010/02/22 16:50:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/02/22 16:47:22 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2010/02/15 10:24:00 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2010/01/22 22:14:16 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2010/01/22 22:14:14 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2010/01/22 22:14:12 | 000,854,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
    DRV - [2010/01/22 22:14:12 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
    DRV - [2010/01/22 21:00:42 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
    DRV - [2010/01/22 17:13:00 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2010/01/22 17:13:00 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
    DRV - [2010/01/22 17:13:00 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2009/11/11 12:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/11/11 12:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/11/11 12:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/11/11 12:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/11/11 12:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/04/29 16:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
    DRV - [2009/01/18 18:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk)
    DRV - [2005/01/03 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ee/
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...tEncoding}&oe={outputEncoding}&rlz=1I7SMSN_en
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.223.252.137:1080

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.3.2.1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
    FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
    FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
    FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1
    FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q="
    FF - prefs.js..network.proxy.backup.ftp: "124.54.177.78"
    FF - prefs.js..network.proxy.backup.ftp_port: 18080
    FF - prefs.js..network.proxy.backup.socks: "124.54.177.78"
    FF - prefs.js..network.proxy.backup.socks_port: 18080
    FF - prefs.js..network.proxy.backup.ssl: "124.54.177.78"
    FF - prefs.js..network.proxy.backup.ssl_port: 18080
    FF - prefs.js..network.proxy.ftp: "202.158.150.175"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 55111
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "202.158.150.175"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "202.158.150.175"
    FF - prefs.js..network.proxy.ssl_port: 8080
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@ncsoft.com/Plugin: C:\Program Files\plaync\NCPlugin\npncllm3.dll (NCsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\windows\system32\npOGPPlugin.dll (OGPlanet)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files\INFovine\npVineTransfer.dll (INFOVINE)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\abc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\abc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\abc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files\INFovine\npVineTransfer.dll (INFOVINE)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/09/11 04:23:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/11 23:04:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/05 13:05:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/02 02:43:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2012/07/08 11:08:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/08 11:08:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/08 11:08:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/28 16:05:33 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\windows\vf_hip\ [2010/08/19 07:58:57 | 000,000,000 | ---D | M]

    [2010/03/24 19:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abc\AppData\Roaming\mozilla\Extensions
    [2012/07/08 04:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions
    [2012/06/09 03:35:02 | 000,000,000 | ---D | M] (PermissionResearch) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7}
    [2012/07/03 23:56:33 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    [2010/04/28 22:38:42 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012/07/03 23:56:37 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2012/07/03 23:56:41 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
    [2010/05/27 01:39:29 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    [2012/07/03 23:56:45 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012/07/03 23:56:48 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
    [2012/01/24 17:28:08 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\DTToolbar@toolbarnet.com
    [2012/03/26 17:22:47 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\abc\AppData\Roaming\mozilla\Firefox\Profiles\lplktduk.default\extensions\ffxtlbr@babylon.com
    [2011/03/21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\lplktduk.default\searchplugins\conduit.xml
    [2011/02/09 05:12:22 | 000,002,059 | ---- | M] () -- C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\lplktduk.default\searchplugins\daemon-search.xml
    [2010/04/29 15:34:57 | 000,002,384 | ---- | M] () -- C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\lplktduk.default\searchplugins\Search Solver.xml
    [2010/04/20 16:57:08 | 000,003,915 | ---- | M] () -- C:\Users\abc\AppData\Roaming\Mozilla\Firefox\Profiles\lplktduk.default\searchplugins\sweetim.xml
    [2012/03/05 04:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/01 18:47:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/12/02 23:01:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/14 23:52:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2012/02/27 12:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2012/02/05 13:05:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012/03/07 00:28:48 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\abc\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPLKTDUK.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
    [2011/04/05 21:07:30 | 000,149,777 | ---- | M] () (No name found) -- C:\USERS\abc\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPLKTDUK.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
    [2011/04/05 21:07:21 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\abc\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPLKTDUK.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    [2012/03/25 03:39:55 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\abc\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LPLKTDUK.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2011/10/11 23:51:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/27 12:11:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/07/16 21:15:58 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2009/10/06 10:40:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\mozilla firefox\plugins\npOGPPlugin.dll
    [2011/05/26 20:40:54 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011/10/11 23:51:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/12/13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
     
  18. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    ========== Chrome ==========

    CHR - default_search_provider: facemoods (Enabled)
    CHR - default_search_provider: search_url = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\abc\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\abc\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\abc\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\abc\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: OGPlanet Game Launcher Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGPPlugin.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: ncsoft login launcher module (Enabled) = C:\Program Files\plaync\NCPlugin\npncllm.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npNxGame.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\abc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\windows\system32\npOGPPlugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Collusion for Chrome = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\1.5.6_0\
    CHR - Extension: AdBlock = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/08 05:32:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\abc\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [fsn] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe ()
    O4 - HKLM..\Run: [GamingMouse] C:\Program Files\GamingMouse\hid.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ProxyCap] C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe (Proxy Labs)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe ()
    O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [Akamai NetSession Interface] C:\Users\abc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
    O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe (MicroSmarts LLC.)
    O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe (Creative Element)
    O4 - Startup: C:\Users\abc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\abc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
    O8 - Extra context menu item: Download By FlashGet3 - C:\Users\abc\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Free YouTube Download - C:\Users\abc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\abc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\windows\System32\pcapwsp.dll (Proxy Labs)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - pcapwsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - pcapwsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - pcapwsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - pcapwsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - pcapwsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - pcapwsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - pcapwsp.dll File not found
    O15 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..Trusted Domains: crunchyroll.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
    O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} http://nprotect.plaync.co.kr/nProtect/netizen2007/ncsoft/npstarter.cab (nPCom2 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {BCF0F4D5-A864-4B98-BD41-72AAF2680A0C} http://windybeta.xcdnplus.co.kr/windydev/sd/pcinfo/cab/pcCheck.cab (SysInfoCom Class)
    O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} http://auth.siren24.com/infovine/VineTransfer.cab (VineTransfer Control)
    O16 - DPF: {C8223F3A-1420-4245-88F2-D874FC081574} https://auth.siren24.com/MagicLineMBX/lib/MagicLineMBX.cab (MagicLineMBX Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C212B5B-CEE6-469E-AD26-EA4B3BFE1BFE}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAD741A8-E2ED-4452-BC35-215CE88B041D}: DhcpNameServer = 10.78.48.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/08 20:30:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\abc\Desktop\OTL.exe
    [2012/07/08 16:48:23 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{2AB3CFFD-B8C0-4631-8C11-267C419AE771}
    [2012/07/08 16:47:45 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{C6CDBC40-04E4-4D21-8908-3EAA436F4E4C}
    [2012/07/08 12:03:38 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/08 11:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/07/08 11:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/07/08 11:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/07/08 11:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/07/08 05:44:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/08 05:31:09 | 000,000,000 | ---D | C] -- C:\microsoft
    [2012/07/08 05:29:08 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\temp
    [2012/07/08 04:55:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/07/08 04:55:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/07/08 04:55:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/07/08 04:52:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/08 04:52:14 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/07/08 04:47:24 | 004,574,136 | R--- | C] (Swearware) -- C:\Users\abc\Desktop\ComboFix.exe
    [2012/07/08 03:26:40 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{222753AC-2B62-443F-945F-E25D32EA28F2}
    [2012/07/08 03:26:17 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{C0494E54-E2D6-4D37-9D8D-A7A75799FDBE}
    [2012/07/08 02:11:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\abc\Desktop\dds.scr
    [2012/07/08 01:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/08 01:23:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2012/07/08 01:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/07/06 23:34:01 | 000,000,000 | -H-D | C] -- C:\windows\PIF
    [2012/07/05 17:47:32 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{316DE079-8561-41E8-8C6B-8D0538722CA4}
    [2012/07/05 17:47:07 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{437C7BAC-6C4E-44FF-A0C1-3874E0050487}
    [2012/07/03 16:02:13 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{FA1BF6D0-9FD7-4F1C-B559-3858C8234786}
    [2012/07/03 16:01:59 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{053E49F7-DCA3-4683-84D4-D75CB5FE5CAF}
    [2012/07/03 15:05:08 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\Macromedia
    [2012/07/03 12:00:46 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
    [2012/07/03 07:50:13 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{07A7090A-D502-484D-B74C-B8EA458005EA}
    [2012/07/03 07:49:54 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{DCB51446-C936-454A-9C19-10E677B52B6B}
    [2012/07/02 01:50:48 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{FD5DA32B-0CEC-440A-8A3F-C2E4218072BF}
    [2012/06/30 14:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
    [2012/06/30 14:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
    [2012/06/30 07:17:58 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{5B5F745D-F506-45A5-B610-F2CA95822EB5}
    [2012/06/29 06:32:13 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{831F87B7-737E-4174-8957-42C378BC2C7D}
    [2012/06/29 06:31:48 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{98CBB1B6-D6DC-4A2E-9598-58B2AE521D81}
    [2012/06/28 21:23:07 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{1EBE06BA-4C6B-4B63-8AC3-96C7F1A85EDC}
    [2012/06/27 19:27:27 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{23FC9A10-8B9A-49CA-ADA3-4AD0954EC106}
    [2012/06/27 01:59:23 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{946E2F39-B6B2-4113-AB69-EC73492B5F00}
    [2012/06/27 01:59:08 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{B373A2AF-03E3-4078-B7EE-C10686B1B56A}
    [2012/06/26 16:37:41 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{AA99DCDC-F31E-4517-8B12-F1F1F9CA711A}
    [2012/06/26 15:16:13 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{7B18988A-BA62-49F2-8558-FCF0D21B6D5E}
    [2012/06/25 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{083F5444-EFCF-48D2-8EBF-4AB54A617A6B}
    [2012/06/23 11:38:49 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{F3EE9F65-412A-4A67-AF00-60817FFFBD44}
    [2012/06/23 11:38:27 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{64DAE847-1049-4A5E-ABC9-A95F099CFA88}
    [2012/06/23 08:02:47 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{A71CED70-26CC-4A81-BFAD-BE70695370BC}
    [2012/06/23 00:43:38 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{DED5C935-8FE9-4B33-B3F3-1EC0E27DBD42}
    [2012/06/23 00:43:15 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{26E1E661-4032-4091-A817-EDCB4B9263EF}
    [2012/06/22 06:38:40 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{182ECDEB-6309-4641-B1FE-8AC0511C2B60}
    [2012/06/20 15:00:22 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{0B080FC6-3815-4637-B2E9-B84D1B266162}
    [2012/06/20 15:00:11 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{74828AD5-A6A9-4FBB-ACA0-087501851773}
    [2012/06/20 14:22:28 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{C1E36BE1-CFF8-43E0-B49D-28F250BDF07C}
    [2012/06/20 14:22:07 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{CD08AEBB-797B-4030-B463-D7F5BD18678F}
    [2012/06/20 13:26:01 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{5026640F-C7AB-4897-A836-D9F90B8AB64F}
    [2012/06/20 13:25:38 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{FBE1DCF6-C9DD-4A98-8FCD-4B7876FEFDA4}
    [2012/06/19 10:02:56 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{9A00AFC4-B8F8-4CD0-AF48-1D656BC687C3}
    [2012/06/18 21:59:22 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{001B426A-7AEE-464F-9187-771967E1F799}
    [2012/06/17 23:57:48 | 000,056,288 | ---- | C] ((주)인포바인) -- C:\windows\System32\VineTransfer.ocx
    [2012/06/17 23:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\INFovine
    [2012/06/17 23:57:47 | 000,048,104 | ---- | C] ((주)인포바인) -- C:\windows\System32\UbiKeyUninstall.exe
    [2012/06/17 23:57:47 | 000,039,904 | ---- | C] ((주)인포바인) -- C:\windows\System32\UbiKeyWin32.dll
    [2012/06/17 23:57:47 | 000,039,896 | ---- | C] ((주)인포바인) -- C:\windows\System32\UbiKey.dll
    [2012/06/17 23:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
    [2012/06/17 22:29:10 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Roaming\com.tfhz.air.player
    [2012/06/15 16:47:30 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{1B5AEE4B-1589-4550-89DF-D0F2B07DFE78}
    [2012/06/14 02:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
    [2012/06/14 02:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
    [2012/06/14 02:48:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    [2012/06/14 02:48:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/06/14 02:34:14 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Roaming\Wireshark
    [2012/06/14 02:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    [2012/06/14 02:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
    [2012/06/14 02:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
    [2012/06/12 11:09:34 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{9C345C14-32FA-44E3-BF0E-217C3AE8C6CC}
    [2012/06/12 11:09:03 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{AC738615-5F55-4994-A8D8-4E64DFB1ED24}
    [2012/06/11 23:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
    [2012/06/11 23:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\LAV Filters
    [2012/06/11 06:10:25 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{EEE1F929-149C-4197-9551-0DCD26AFF15A}
    [2012/06/11 06:10:05 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{9DE28C6D-38B1-4CF4-B354-1FDFCA67155E}
    [2012/06/10 22:37:38 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{721354D2-2844-42D0-AB31-F4435C2B4B6C}
    [2012/06/10 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{2B1FCF07-2BA9-48F7-937A-BA79C80D5F0C}
    [2012/06/08 23:17:36 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{F505F31F-871D-4563-AA90-5B4AAEC2D2CD}
    [2012/06/08 23:17:12 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{383066ED-5FD6-4ECE-A5F7-03F80D401E85}
    [2012/06/08 23:11:25 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{D1161B74-82AA-4EB7-ADEA-50FC78833B4A}
    [2012/06/08 23:11:02 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{454C83E5-0F38-41A0-9548-B6D0605C4BFE}
    [2012/06/08 22:58:40 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{8BFAF051-4738-4C2A-8A29-31633EE205B5}
    [2012/06/08 22:58:17 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{97E292A8-00D6-4ECB-8568-04970597C97D}
    [2012/06/08 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{3A2799F4-FCD9-4372-B274-679E7FD6F794}
    [2012/06/08 21:11:48 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{DB2E92B5-0176-4183-B287-33DB674CEE41}
    [2012/06/08 21:09:47 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{D704EFE8-56E5-4DC4-91CF-90A64F5E5987}
    [2012/06/08 21:09:24 | 000,000,000 | ---D | C] -- C:\Users\abc\AppData\Local\{02E8258D-CB0C-4C4C-9F68-F132F94C2BE0}
    [31 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
    [1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/08 20:34:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/07/08 20:30:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\abc\Desktop\OTL.exe
    [2012/07/08 20:06:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001UA.job
    [2012/07/08 19:59:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/08 15:08:40 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/08 15:08:40 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/08 14:05:29 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/08 08:06:03 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1001Core.job
    [2012/07/08 05:32:47 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/07/08 05:31:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/07/08 04:47:51 | 004,574,136 | R--- | M] (Swearware) -- C:\Users\abc\Desktop\ComboFix.exe
    [2012/07/08 02:11:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\abc\Desktop\dds.scr
    [2012/07/08 01:54:50 | 000,302,592 | ---- | M] () -- C:\Users\abc\Desktop\pojybror.exe
    [2012/07/08 01:23:56 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/07 20:39:54 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
    [2012/07/07 19:40:48 | 000,676,672 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/07/07 19:40:48 | 000,131,056 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/07/03 07:31:19 | 003,784,248 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2012/06/27 01:56:11 | 000,000,000 | ---- | M] () -- C:\windows\System32\cd.dat
    [2012/06/15 23:12:09 | 000,000,621 | ---- | M] () -- C:\Users\abc\Last session abc.prj
    [2012/06/14 02:01:00 | 000,001,712 | ---- | M] () -- C:\Users\abc\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
    [2012/06/09 00:51:57 | 000,002,002 | ---- | M] () -- C:\Users\abc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [31 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
    [1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/08 04:55:32 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/07/08 04:55:32 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/07/08 04:55:32 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/07/08 04:55:32 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/07/08 04:55:32 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/07/08 01:54:49 | 000,302,592 | ---- | C] () -- C:\Users\abc\Desktop\pojybror.exe
    [2012/07/08 01:23:56 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/07 20:39:54 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
    [2012/06/27 01:56:11 | 000,000,000 | ---- | C] () -- C:\windows\System32\cd.dat
    [2012/06/14 02:55:37 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
    [2012/06/14 02:01:00 | 000,001,712 | ---- | C] () -- C:\Users\abc\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
    [2012/06/14 02:01:00 | 000,001,700 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
    [2012/06/01 21:42:01 | 000,000,256 | ---- | C] () -- C:\windows\System32\pool.bin
    [2012/05/03 03:54:46 | 000,042,392 | ---- | C] () -- C:\windows\System32\xfcodec.dll
    [2012/04/28 02:02:50 | 000,000,621 | ---- | C] () -- C:\Users\abc\Last session abc.prj
    [2012/03/05 03:02:34 | 000,000,342 | ---- | C] () -- C:\Users\abc\openvpn-connect.json
    [2012/02/17 14:15:08 | 000,315,392 | ---- | C] ( ) -- C:\windows\System32\sbcrreag.dll
    [2012/01/13 09:03:54 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
    [2011/12/23 16:39:59 | 000,020,864 | ---- | C] () -- C:\windows\System32\drivers\msfilter.sys
    [2011/10/13 12:31:48 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
    [2011/10/13 12:30:24 | 000,000,268 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
    [2011/07/05 01:17:48 | 000,230,752 | ---- | C] () -- C:\windows\patchw32.dll
    [2011/07/05 01:17:47 | 000,118,176 | ---- | C] () -- C:\windows\patchw.dll
    [2011/06/28 13:10:43 | 000,007,605 | ---- | C] () -- C:\Users\abc\AppData\Local\Resmon.ResmonCfg
    [2011/05/31 07:39:50 | 000,058,368 | ---- | C] () -- C:\windows\System32\bdmpegv.dll
    [2011/05/31 07:38:18 | 000,015,360 | ---- | C] () -- C:\windows\System32\bdmjpeg.dll
    [2011/04/30 07:03:29 | 000,000,532 | ---- | C] () -- C:\windows\eReg.dat
    [2011/03/15 08:29:48 | 000,139,264 | ---- | C] () -- C:\windows\System32\nsldap32v50.dll
    [2011/03/07 07:18:02 | 000,028,496 | ---- | C] () -- C:\windows\System32\SmartDefragBootTime.exe
    [2011/03/07 07:18:02 | 000,015,672 | ---- | C] () -- C:\windows\System32\drivers\SmartDefragDriver.sys
    [2011/02/27 20:22:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/02/09 05:44:22 | 000,000,565 | ---- | C] () -- C:\Users\abc\AppData\Roaming\myMPQ.ini
    [2011/02/02 14:53:04 | 000,109,056 | -H-- | C] () -- C:\windows\ozddyeaelgyuanfj.exe
    [2011/02/02 13:46:19 | 000,002,282 | ---- | C] () -- C:\Users\abc\AppData\Local\TempGUIPic.jpg
    [2011/02/02 08:10:44 | 000,039,424 | ---- | C] () -- C:\windows\System32\rpiAccessProcess.dll
    [2010/10/24 01:03:39 | 000,008,704 | ---- | C] () -- C:\Users\abc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/20 14:20:25 | 000,000,014 | ---- | C] () -- C:\windows\System32\systeminfo.dll
    [2010/10/02 16:59:32 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
    [2010/07/24 06:26:54 | 000,138,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
    [2010/07/24 06:26:32 | 000,214,816 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
    [2010/07/24 06:26:20 | 000,075,064 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
    [2010/07/15 07:33:38 | 000,110,592 | ---- | C] () -- C:\windows\System32\suppdll.dll
    [2010/07/15 07:33:38 | 000,035,363 | ---- | C] () -- C:\windows\System32\windrvNT.sys
    [2010/07/15 07:17:22 | 000,180,224 | ---- | C] () -- C:\windows\System32\WinVd32.sys
    [2010/07/15 07:17:15 | 000,007,680 | ---- | C] () -- C:\windows\System32\WinFLsrv.exe
    [2010/06/14 18:28:36 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\aguans.exe
    [2010/06/12 15:36:27 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\mtrygelk.exe
    [2010/06/08 12:29:06 | 000,002,360 | ---- | C] () -- C:\Users\abc\AppData\Local\hblffa.exe
    [2010/06/07 15:28:32 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\vhowop.exe
    [2010/06/01 18:09:58 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\tafmlza.exe
    [2010/05/30 07:42:37 | 000,002,360 | ---- | C] () -- C:\Users\abc\AppData\Local\opqrsabc.exe
    [2010/05/29 00:53:52 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\xbmeit.exe
    [2010/05/23 20:16:11 | 000,012,670 | ---- | C] () -- C:\Users\abc\.recently-used.xbel
    [2010/05/22 18:49:36 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\ydwbbg.exe
    [2010/05/14 03:16:40 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\frdvhzlv.exe
    [2010/05/08 18:00:04 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\accfzbvx.exe
    [2010/04/22 23:09:01 | 000,000,090 | ---- | C] () -- C:\Users\abc\AppData\Local\frdepbt.bat
    [2010/04/09 12:31:45 | 000,000,088 | ---- | C] () -- C:\Users\abc\AppData\Local\nffee.bat

    ========== LOP Check ==========

    [2012/02/06 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
    [2012/02/06 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
    [2012/02/16 04:22:03 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Atsaa
    [2012/02/17 01:27:52 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Azureus
    [2012/01/08 11:02:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\BitTorrent
    [2011/12/30 17:25:30 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Blaze
    [2010/12/17 15:25:51 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\CoreCodec
    [2011/10/14 21:40:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DAEMON Tools Lite
    [2012/02/16 04:26:38 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IObit
    [2012/02/16 10:06:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Izbin
    [2012/02/16 10:06:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Lereeh
    [2012/01/14 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\MotioninJoy
    [2011/09/16 19:03:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\NVD
    [2010/07/26 01:59:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Opera
    [2012/06/01 20:06:50 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Research In Motion
    [2011/10/13 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SoftGrid Client
    [2011/10/13 18:30:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Template
    [2012/06/14 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TuneUp Software
    [2012/06/24 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
    [2012/07/08 01:08:43 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\1E754
    [2012/02/13 03:48:21 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\54307
    [2012/01/13 07:48:43 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Azureus
    [2012/04/13 11:51:02 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\BITS
    [2012/05/06 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\BitTorrent
    [2011/12/23 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Blaze
    [2012/02/29 09:55:34 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\BSplayer
    [2010/03/24 00:34:56 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\BSplayer Pro
    [2011/07/05 03:19:08 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\BugTrap Console Test108
    [2011/06/07 20:02:36 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/06/20 18:26:51 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\com.adobe.DC3Module.AdobeADC
    [2011/06/07 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/06/17 22:29:10 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\com.tfhz.air.player
    [2010/10/20 14:31:51 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\CoreCodec
    [2012/01/25 03:48:47 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\CoreFTP
    [2012/04/25 06:27:09 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\DAEMON Tools Lite
    [2011/07/23 03:16:53 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\DVDVideoSoft
    [2011/07/22 03:12:02 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010/05/24 17:53:34 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\FlashGet
    [2010/05/24 17:53:26 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\FlashGetBHO
    [2012/05/16 09:45:19 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\fltk.org
    [2010/07/04 13:46:56 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\FOG Downloader
    [2012/02/14 05:08:05 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Foro
    [2010/04/21 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Free Mp3 Wma Ogg Converter
    [2010/04/09 12:04:09 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Games-Attack
    [2010/11/24 02:54:41 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\GetRightToGo
    [2012/05/22 12:24:45 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\globalip
    [2012/01/25 02:59:53 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\IObit
    [2011/05/26 19:57:53 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Keynote Systems
    [2010/07/16 13:39:30 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\LolClient
    [2010/03/25 20:49:32 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
    [2012/06/01 22:56:23 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\LolClient2
    [2011/02/02 01:02:05 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Mael
    [2010/09/11 04:04:04 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\mkvtoolnix
    [2011/07/27 21:01:48 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\MotioninJoy
    [2011/02/02 01:11:29 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Notepad++
    [2010/06/06 10:54:23 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\NVD
    [2010/07/03 23:25:19 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Opera
    [2012/06/01 20:17:39 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Research In Motion
    [2012/02/14 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Riaz
    [2012/04/25 05:19:18 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\SEGA
    [2011/10/14 21:47:35 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\SoftGrid Client
    [2010/06/17 15:35:48 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Synthesia
    [2011/01/24 00:46:41 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\SystemRequirementsLab
    [2010/12/16 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\TeamViewer
    [2010/06/06 10:54:23 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\TP
    [2012/06/14 02:55:22 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\TuneUp Software
    [2012/01/05 04:01:51 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Ubisoft
    [2012/07/08 20:44:46 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\uTorrent
    [2012/02/16 05:49:43 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Uzoswy
    [2012/06/14 02:34:14 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\Wireshark
    [2012/01/13 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\X-Chat 2
    [2012/07/07 19:34:06 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  19. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    OTL Extras logfile created on: 7/8/2012 8:32:15 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\abc\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.21% Memory free
    5.86 Gb Paging File | 4.23 Gb Available in Paging File | 72.10% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 141.49 Gb Total Space | 12.78 Gb Free Space | 9.03% Space Free | Partition Type: NTFS
    Drive D: | 141.50 Gb Total Space | 14.09 Gb Free Space | 9.96% Space Free | Partition Type: NTFS

    Computer Name: ABC-PC | User Name: abc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Lock folder with Folder Lock] -- C:\Program Files\Folder Lock\Folder Lock.exe %1 (NewSoftwares.net Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{442F8E6D-C607-413C-9632-9970B67DCA89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{66142F7D-FE84-4A18-80D0-EEFCD7F048A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{04FC8026-2728-4532-95AB-E73D0CA4DA74}" = protocol=6 | dir=in | app=c:\users\abc\appdata\local\akamai\netsession_win.exe |
    "{0DFA62E9-74E6-4360-BCAE-C4BCDA013736}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{30CA5F66-3E87-4698-898F-942EC1B30BC9}" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
    "{3ADD0A44-FC86-4BE3-965A-6E32B5DD5B8A}" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61C06435-025E-4A1E-80C0-8BA4A43E8A43}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6CC3AA05-8FFD-40E0-AF6A-DE1C0621C375}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A04DB17E-D407-45EE-A7D4-EE520A768CD0}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A8AFBE72-1C23-451C-BD6D-E0BDF5A705D0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{C549E3E3-DB0B-4ACA-B21F-F07C92B6EE2B}" = protocol=6 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{C79FA123-3FA1-47A2-9974-757E4F47B538}" = protocol=17 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CF307209-F749-4CC2-9980-143F3A27F01F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E18B1B02-81C3-446A-A430-A8F252442A18}" = protocol=17 | dir=in | app=c:\users\abc\appdata\local\akamai\netsession_win.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{1778002B-E441-42F6-A3B9-837B46FF909A}C:\program files\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "TCP Query User{18F9A03E-A195-4F7D-A143-207E502F4A3B}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "TCP Query User{1CEF16A5-8FC2-4C04-AC99-31517BE9EB61}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{333E3618-5201-4F5F-965A-0E19BA490D59}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{B0BEA724-01C5-496C-A3B1-9BE8F1DE8D59}C:\users\abc\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\abc\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{C77EDA4E-610B-4D6A-AA62-6B75257739F4}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
    "UDP Query User{1FB0D518-C0BE-422A-ABDB-D1CA3F562172}C:\users\abc\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\abc\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{25BD4E2B-FA58-4F12-9B2A-27E8BD86F76E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{2C60135F-99BC-4085-AC41-E1EF47C5858C}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "UDP Query User{36FD80C1-02DD-4342-B0DC-EA9F28133D85}C:\program files\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "UDP Query User{7099B1E0-B30F-483D-B5DD-C3C9518558AB}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{7310C541-3497-4590-ABFA-19D06B9D6E47}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BD21033-6A2D-4013-93CA-6E3C0F1D1198}" = GamingMouse
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{22439E2F-1CF7-4F8B-992A-3AA3C0553929}" = Yu-Gi-Oh! ONLINE 3
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
    "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant
    "{3FEC0E55-76BC-4619-4830-225F5A5F0B5E}" = 24hz 플레이어
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{62ADAE66-EAB3-46E8-9973-2D10F67816A4}" = BlackBerry Device Software v4.6.1 for the BlackBerry 8520 smartphone
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6B06F103-3DE2-4A12-9FD9-776E0019E577}" = ProxyCap
    "{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{80AEB164-0D5C-4EB6-88F4-19930661D380}" = DivXMuxGUI
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
    "{87B8375F-AAC4-417D-BB00-2EE6FBF898E7}" = ESET NOD32 Antivirus
    "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{ACF1662C-404B-47AD-9D57-5CA7C9307284}_is1" = Free Mp3 Wma Ogg Converter 7.1.1
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5C424A1-5C0A-426C-BB0B-D75907243EC3}" = Ultimate Knight ウィンダムXP
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
    "{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "3737476D828B8998E2990F74B0C2DFEDA9326473" = Windows Driver Package - Blaze (HidUsb) HIDClass (03/08/2010 1.0.0.0)
    "7-Zip" = 7-Zip 9.20
    "AC3Filter" = AC3Filter (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.00
    "Akamai" = Akamai NetSession Interface
    "AutoItv3" = AutoIt v3.3.6.1
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BitTorrent" = BitTorrent
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
    "BSPlayerf" = BS.Player FREE
    "Carte" = Carte 0.9.58
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Cheat Engine 6.0_is1" = Cheat Engine 6.0
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.tfhz.air.player" = 24hz 플레이어
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "Core FTP LE 2.1" = Core FTP LE 2.1
    "Creative Element Power Tools" = Creative Element Power Tools
    "Cultris_0" = Cultris II
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
    "DivX Setup" = DivX Setup
    "ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
    "FLAC" = FLAC 1.2.1b (remove only)
    "FlashGet 3.3" = FlashGet 3.3
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
    "Free Studio_is1" = Free Studio version 5.1.4
    "Free YouTube Download_is1" = Free YouTube Download 2.9
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
    "Game Booster_is1" = Game Booster 3
    "HaaliMkx" = Haali Media Splitter
    "Hide IP Platinum_is1" = Hide IP Platinum 3.5
    "HotspotShield" = Hotspot Shield 2.53
    "http://pso2.jp/appid/release_is1" = PHANTASY STAR ONLINE 2
    "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
    "HyperCam 2" = HyperCam 2
    "INFovine" = ÈÞ´ëÆùÀÎÁõ¼(º¸°ü)¼ºñ½º
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "KeynoteConnector" = Keynote Connector
    "lavfilters_is1" = LAV Filters 0.50.5
    "MagicLineMBX" = MagicLineMBX
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MKVtoolnix" = MKVtoolnix 4.3.0
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NCLauncher_plaync" = NCLauncher (plaync)
    "NifSkope" = NifSkope (remove only)
    "Notepad++" = Notepad++
    "npn5" = nProtect Netizen SVC (remove only)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OGPlanet Game Launcher EU" = OGPlanet Game Launcher Europe
    "OGPlanet Game Launcher US" = OGPlanet Game Launcher
    "Protected Folder_is1" = Protected Folder
    "RealPlayer 15.0" = RealPlayer
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SpeedItupFree4.95" = Speeditup Free 4.90
    "The Core Media Player" = The Core Media Player 4.0
    "The KMPlayer" = The KMPlayer (remove only)
    "TuneUp Utilities 2012" = TuneUp Utilities 2012
    "TVWiz" = Intel(R) TV Wizard
    "Unlocker" = Unlocker 1.9.0
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.1
    "VMware_Workstation" = VMware Workstation
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinHex" = WinHex
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR archiver
    "Wireshark" = Wireshark 1.6.8 (32-bit)
    "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
    "xchat" = XChat 2 (remove only)
    "Xfire" = Xfire (remove only)
    "XfireXO Toolbar" = XfireXO Toolbar
    "XPMP" = Xfire Plus: Music Plugin

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/6/2012 6:29:23 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
    stamp: 0x4dcdb2b3 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
    time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
    process id: 0x818 Faulting application start time: 0x01cd5bc6946004f4 Faulting application
    path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
    C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 08f0fc3a-c7ba-11e1-8069-005056c00008

    Error - 7/7/2012 3:41:14 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ekrn.exe, version: 4.2.35.0, time stamp:
    0x4b82a3f0 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
    0x738 Faulting application start time: 0x01cd5c7868e4608c Faulting application path:
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
    Report
    Id: b5c060ad-c86b-11e1-b6c9-005056c00008

    Error - 7/7/2012 3:41:40 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ekrn.exe, version: 4.2.35.0, time stamp:
    0x4b82a3f0 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
    0xc60 Faulting application start time: 0x01cd5c787ef08d57 Faulting application path:
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
    Report
    Id: c53e35ec-c86b-11e1-b6c9-005056c00008

    Error - 7/7/2012 3:42:04 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ekrn.exe, version: 4.2.35.0, time stamp:
    0x4b82a3f0 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
    0x10ac Faulting application start time: 0x01cd5c78902b83e9 Faulting application path:
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
    Report
    Id: d35b9ecc-c86b-11e1-b6c9-005056c00008

    Error - 7/7/2012 3:42:18 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ekrn.exe, version: 4.2.35.0, time stamp:
    0x4b82a3f0 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
    0x1228 Faulting application start time: 0x01cd5c78990a64af Faulting application path:
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
    Report
    Id: dc30fa10-c86b-11e1-b6c9-005056c00008

    Error - 7/7/2012 3:42:24 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
    stamp: 0x4dcdb2b3 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
    time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
    process id: 0xfb4 Faulting application start time: 0x01cd5c788093521d Faulting application
    path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
    C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: df95d054-c86b-11e1-b6c9-005056c00008

    Error - 7/7/2012 3:42:42 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ekrn.exe, version: 4.2.35.0, time stamp:
    0x4b82a3f0 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0003224d Faulting process id:
    0x1424 Faulting application start time: 0x01cd5c78a1cf1651 Faulting application path:
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
    Report
    Id: ea2873fc-c86b-11e1-b6c9-005056c00008

    Error - 7/7/2012 8:48:53 PM | Computer Name = abc-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
    stamp: 0x4dcdb2b3 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
    time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
    process id: 0xd98 Faulting application start time: 0x01cd5ca34e5f2d12 Faulting application
    path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
    C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: affabe6f-c896-11e1-97f4-005056c00008

    Error - 7/7/2012 11:10:04 PM | Computer Name = ABC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
    stamp: 0x4dcdb2b3 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
    time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
    process id: 0xff0 Faulting application start time: 0x01cd5cb6efcb53da Faulting application
    path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
    C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 692f190b-c8aa-11e1-b738-005056c00008

    Error - 7/7/2012 11:41:00 PM | Computer Name = ABC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time
    stamp: 0x4dcdb2b3 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
    time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
    process id: 0x9c8 Faulting application start time: 0x01cd5cbb580add66 Faulting application
    path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
    C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: bbb5c5f7-c8ae-11e1-a9f2-005056c00008

    [ System Events ]
    Error - 7/8/2012 12:34:21 AM | Computer Name = ABC-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%1058

    Error - 7/8/2012 12:34:24 AM | Computer Name = ABC-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 7/8/2012 12:42:14 AM | Computer Name = ABC-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%1058

    Error - 7/8/2012 12:44:14 AM | Computer Name = ABC-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%1058

    Error - 7/8/2012 1:02:41 AM | Computer Name = ABC-PC | Source = Service Control Manager | ID = 7034
    Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 7/8/2012 2:47:15 AM | Computer Name = ABC-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 7/8/2012 6:13:37 AM | Computer Name = ABC-PC | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 7/8/2012 9:05:51 AM | Computer Name = ABC-PC | Source = DCOM | ID = 10016
    Description =

    Error - 7/8/2012 9:06:09 AM | Computer Name = ABC-PC | Source = DCOM | ID = 10016
    Description =

    Error - 7/8/2012 9:20:37 AM | Computer Name = ABC-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  20. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    I'm off to bed for now, haven't slept in about 27 hours, starting to get tired.
    See you tomorrow.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\xhunter1.sys -- (xhunter1)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva394.sys -- (XDva394)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva393.sys -- (XDva393)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva391.sys -- (XDva391)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva390.sys -- (XDva390)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva389.sys -- (XDva389)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva388.sys -- (XDva388)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva387.sys -- (XDva387)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva385.sys -- (XDva385)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva380.sys -- (XDva380)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva375.sys -- (XDva375)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva370.sys -- (XDva370)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva349.sys -- (XDva349)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva347.sys -- (XDva347)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva346.sys -- (XDva346)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\vtany.sys -- (vtany)
      DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\abc\AppData\Local\Temp\mbr.sys -- (mbr)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
      IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
      IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.223.252.137:1080
      O3 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
      O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
      O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
      O15 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..Trusted Domains: crunchyroll.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
      [2012/07/08 12:03:38 | 000,000,000 | ---D | C] -- C:\FRST
      [2011/02/02 14:53:04 | 000,109,056 | -H-- | C] () -- C:\windows\ozddyeaelgyuanfj.exe
      [2010/06/14 18:28:36 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\aguans.exe
      [2010/06/12 15:36:27 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\mtrygelk.exe
      [2010/06/08 12:29:06 | 000,002,360 | ---- | C] () -- C:\Users\abc\AppData\Local\hblffa.exe
      [2010/06/07 15:28:32 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\vhowop.exe
      [2010/06/01 18:09:58 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\tafmlza.exe
      [2010/05/30 07:42:37 | 000,002,360 | ---- | C] () -- C:\Users\abc\AppData\Local\opqrsabc.exe
      [2010/05/29 00:53:52 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\xbmeit.exe
      [2010/05/22 18:49:36 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\ydwbbg.exe
      [2010/05/14 03:16:40 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\frdvhzlv.exe
      [2010/05/08 18:00:04 | 000,002,365 | ---- | C] () -- C:\Users\abc\AppData\Local\accfzbvx.exe
      [2010/04/22 23:09:01 | 000,000,090 | ---- | C] () -- C:\Users\abc\AppData\Local\frdepbt.bat
      [2010/04/09 12:31:45 | 000,000,088 | ---- | C] () -- C:\Users\abc\AppData\Local\nffee.bat
      [2012/07/08 01:08:43 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\1E754
      [2012/02/13 03:48:21 | 000,000,000 | ---D | M] -- C:\Users\abc\AppData\Roaming\54307
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  22. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    All processes killed
    ========== OTL ==========
    Service xhunter1 stopped successfully!
    Service xhunter1 deleted successfully!
    File C:\windows\xhunter1.sys not found.
    Service XDva394 stopped successfully!
    Service XDva394 deleted successfully!
    File C:\windows\system32\XDva394.sys not found.
    Service XDva393 stopped successfully!
    Service XDva393 deleted successfully!
    File C:\windows\system32\XDva393.sys not found.
    Service XDva391 stopped successfully!
    Service XDva391 deleted successfully!
    File C:\windows\system32\XDva391.sys not found.
    Service XDva390 stopped successfully!
    Service XDva390 deleted successfully!
    File C:\windows\system32\XDva390.sys not found.
    Service XDva389 stopped successfully!
    Service XDva389 deleted successfully!
    File C:\windows\system32\XDva389.sys not found.
    Service XDva388 stopped successfully!
    Service XDva388 deleted successfully!
    File C:\windows\system32\XDva388.sys not found.
    Service XDva387 stopped successfully!
    Service XDva387 deleted successfully!
    File C:\windows\system32\XDva387.sys not found.
    Service XDva385 stopped successfully!
    Service XDva385 deleted successfully!
    File C:\windows\system32\XDva385.sys not found.
    Service XDva380 stopped successfully!
    Service XDva380 deleted successfully!
    File C:\windows\system32\XDva380.sys not found.
    Service XDva375 stopped successfully!
    Service XDva375 deleted successfully!
    File C:\windows\system32\XDva375.sys not found.
    Service XDva370 stopped successfully!
    Service XDva370 deleted successfully!
    File C:\windows\system32\XDva370.sys not found.
    Service XDva349 stopped successfully!
    Service XDva349 deleted successfully!
    File C:\windows\system32\XDva349.sys not found.
    Service XDva347 stopped successfully!
    Service XDva347 deleted successfully!
    File C:\windows\system32\XDva347.sys not found.
    Service XDva346 stopped successfully!
    Service XDva346 deleted successfully!
    File C:\windows\system32\XDva346.sys not found.
    Service vtany stopped successfully!
    Service vtany deleted successfully!
    File C:\windows\vtany.sys not found.
    Error: No service named mbr was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mbr deleted successfully.
    File C:\Users\abc\AppData\Local\Temp\mbr.sys not found.
    Service EagleXNt stopped successfully!
    Service EagleXNt deleted successfully!
    File C:\windows\system32\drivers\EagleXNt.sys not found.
    Service EagleNT stopped successfully!
    Service EagleNT deleted successfully!
    File C:\windows\system32\drivers\EagleNT.sys not found.
    HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crunchyroll.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kuaiche.com\software\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U folder moved successfully.
    C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\L folder moved successfully.
    C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\{01829c48-43ff-ed99-10a9-8819c8a86cd2} folder moved successfully.
    C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\U folder moved successfully.
    C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2}\L folder moved successfully.
    C:\FRST\Quarantine\{01829c48-43ff-ed99-10a9-8819c8a86cd2} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\ozddyeaelgyuanfj.exe moved successfully.
    C:\Users\abc\AppData\Local\aguans.exe moved successfully.
    C:\Users\abc\AppData\Local\mtrygelk.exe moved successfully.
    C:\Users\abc\AppData\Local\hblffa.exe moved successfully.
    C:\Users\abc\AppData\Local\vhowop.exe moved successfully.
    C:\Users\abc\AppData\Local\tafmlza.exe moved successfully.
    File C:\Users\abc\AppData\Local\opqrsabc.exe not found.
    C:\Users\abc\AppData\Local\xbmeit.exe moved successfully.
    C:\Users\abc\AppData\Local\ydwbbg.exe moved successfully.
    C:\Users\abc\AppData\Local\frdvhzlv.exe moved successfully.
    C:\Users\abc\AppData\Local\accfzbvx.exe moved successfully.
    C:\Users\abc\AppData\Local\frdepbt.bat moved successfully.
    C:\Users\abc\AppData\Local\nffee.bat moved successfully.
    C:\Users\abc\AppData\Roaming\1E754 folder moved successfully.
    C:\Users\abc\AppData\Roaming\54307 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Flash cache emptied: 53632 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 26902704 bytes
    ->Temporary Internet Files folder emptied: 38062598 bytes
    ->Java cache emptied: 2214700 bytes
    ->FireFox cache emptied: 137152631 bytes
    ->Apple Safari cache emptied: 23099392 bytes
    ->Opera cache emptied: 9152063 bytes
    ->Flash cache emptied: 5296 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: abc
    ->Temp folder emptied: 2290087 bytes
    ->Temporary Internet Files folder emptied: 212781607 bytes
    ->Java cache emptied: 313244 bytes
    ->FireFox cache emptied: 493187884 bytes
    ->Google Chrome cache emptied: 255901733 bytes
    ->Apple Safari cache emptied: 56343552 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 61015 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6403 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,199.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: Public

    User: abc
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    User: abc
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07092012_134938

    Files\Folders moved on Reboot...
    C:\windows\temp\vmware-SYSTEM-2585583032\vmware-usbarb-SYSTEM-2124.log moved successfully.

    PendingFileRenameOperations files...
    File C:\windows\temp\vmware-SYSTEM-2585583032\vmware-usbarb-SYSTEM-2124.log not found!

    Registry entries deleted on Reboot...
     
  23. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET NOD32 Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 31
    Adobe Flash Player 11.3.300.262
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
     
  24. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    Farbar Service Scanner Version: 02-07-2012
    Ran by abc (administrator) on 09-07-2012 at 14:05:47
    Running from "C:\Users\abc\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\windows\system32\nsisvc.dll => MD5 is legit
    C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\windows\system32\dhcpcore.dll => MD5 is legit
    C:\windows\system32\Drivers\afd.sys => MD5 is legit
    C:\windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\windows\system32\dnsrslvr.dll => MD5 is legit
    C:\windows\system32\mpssvc.dll => MD5 is legit
    C:\windows\system32\bfe.dll => MD5 is legit
    C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\windows\system32\SDRSVC.dll => MD5 is legit
    C:\windows\system32\vssvc.exe => MD5 is legit
    C:\windows\system32\wscsvc.dll => MD5 is legit
    C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\windows\system32\wuaueng.dll => MD5 is legit
    C:\windows\system32\qmgr.dll => MD5 is legit
    C:\windows\system32\es.dll => MD5 is legit
    C:\windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\windows\system32\svchost.exe => MD5 is legit
    C:\windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  25. RiceFusion

    RiceFusion TS Rookie Topic Starter Posts: 24

    Scanning Report
    Monday, July 9, 2012 14:42:04 - 14:55:23
    Computer name: ABC-PC
    Scanning type: Quick scan
    Target: System


    --------------------------------------------------------------------------------

    3 malware found
    TrackingCookie.2o7 (spyware)
    System (Disinfected)
    TrackingCookie.Statistik-Gallup (spyware)
    System (Disinfected)
    TrackingCookie.Yieldmanager (spyware)
    System (Disinfected)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 5638
    System: 5638
    Not scanned: 0
    Actions:
    Disinfected: 3
    Renamed: 0
    Deleted: 0
    Not cleaned: 0
    Submitted: 0

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
     
