TechSpot

Trojan Sirefef needs eliminating

Solved
By NathanC
Apr 16, 2012
  1. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

  2. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    That's because you didn't read my instructions carefully:
     
  3. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    bkasepa
    bizvasmp
    bfeazglf
    bcykqxnd
    anrxzaes
    anfrxscr
    algpxihc
    fyqgcqy
    fvemleed
    feskqxkv
    eudmlcgx
    ejswrmjj
    efctuwcc
    echtgppb
    dobsrzzr
    doavittn
    dgxwxhoi
    dfjlravi
    cvoosfih
    crogquxg
    crlwsgkt
    cqumwyqr
    cnivisli
    cnbqyxod
    cmfxxesp
    clrpisck
    cleqxnfr
    bynjmlee
    bkasepal
    jgubkche
    irubozzj
    irqarmaw
    iqbjmgih
    inzhyahc
    iiiribdp
    hspvpogo
    hcaktcpj
    hbxpeivb
    gyzsnjch
    gmwhdabk
    glewgrop
    gimxcwch
    gaiyrthq
    fyqgcqyx
    mjjbyqg
    mcaayfmg
    lqotftju
    lkqtjhjr
    lhhjelll
    ldkoqbcv
    kiosgusv
    kdcouwvd
    jnlvhsra
    jjxcyfpq
    oyqbyjxp
    oxmyyngw
    osbtqxyg
    oostygzp
    omnfwvux
    ojvnitvc
    ohtgvpls
    oentpmve
    odrjidqo
    nmlxqhad
    nglygumz
    nghkpaca
    ndxkqvho
    ndjpqrgg
    mzmslejl
    myhxbxgn
    mjzygdsh
    mjjbyqgs
    tpiwwocw
    tmyeytbk
    tgvfsljd
    srkqcgyr
    spzwunjo
    rzgttibq
    rwtlydmu
    ruvxtwxa
    rtvimyen
    rpkkgjox
    qmhwivaz
    qhyymwib
    qdyrljwa
    pxctjdxj
    pugrpfks
    prhcxhri
    yaoqwpdl
    xjnzyttd
    xcnkzzti
    xaaszano
    wvsyfnkj
    wolwliit
    wluefyoa
    wlryfvmn
    wiqcqshl
    wayrjbij
    vmskvhis
    uywyvisi
    uvyxiehq
    uqgovcpe
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
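
Added example (not part of the original posts, and not ComboFix's own code): once ComboFix.txt comes back, a reviewer can confirm that each name under `Driver::` in CFScript.txt has a matching entry in the log's Drivers/Services section. It assumes script directives end in `::` on their own line and that the log lists services as `-------\Service_<name>` under a parenthesised banner, as in this thread; the function names are hypothetical and the sample data is a short excerpt.

```python
import re

# Excerpt for illustration: a few Driver:: names from this thread's CFScript.
CFSCRIPT_SAMPLE = """\
Driver::
bkasepa
bizvasmp
bfeazglf
bkasepal
fyqgcqy
fyqgcqyx

ClearJavaCache::
"""

# Excerpt for illustration: log lines in the layout of the posted ComboFix.txt.
LOG_SAMPLE = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\users\Cheung\AppData\Local\assembly\tmp
.
((((((((((((((( Drivers/Services )))))))))))))))
.
-------\Service_bfeazglf
-------\Service_bizvasmp
-------\Service_bkasepal
-------\Service_fyqgcqyx
.
((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))
.
2012-04-17 03:05 . 2012-04-17 03:05 -------- d-----w- C:\TDSSKiller_Quarantine
"""

DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)::$")         # e.g. "Driver::"
BANNER = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")     # e.g. "((( Drivers/Services )))"
SERVICE = re.compile(r"^-+\\Service_(\S+)$")          # e.g. "-------\Service_abc"


def parse_cfscript(text):
    """Return {directive: [entries]} with directive names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split a ComboFix-style log into {banner title: [lines]}, skipping '.' filler."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def reported_services(log_text):
    """Service names listed under the log's Drivers/Services banner."""
    names = set()
    for line in parse_log_sections(log_text).get("drivers/services", []):
        m = SERVICE.match(line)
        if m:
            names.add(m.group(1).lower())
    return names


def cross_check(script_text, log_text):
    """Compare the script's Driver:: names with the services the log reports."""
    drivers = parse_cfscript(script_text).get("driver", [])
    requested = list(dict.fromkeys(n.lower() for n in drivers))  # de-duplicate
    seen = reported_services(log_text)
    return {
        "confirmed": sorted(n for n in requested if n in seen),
        "not_in_log": sorted(n for n in requested if n not in seen),
        "unrequested": sorted(seen - set(requested)),
    }


if __name__ == "__main__":
    for label, names in cross_check(CFSCRIPT_SAMPLE, LOG_SAMPLE).items():
        print(f"{label}: {', '.join(names) or '(none)'}")
```

Names that land in `not_in_log` are the ones to look at by hand: the script asked for them, but the log has no matching service line.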
     
  4. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Sorry about that reboot!!! I must be more careful....

    ComboFix 12-04-17.01 - Cheung 19/04/2012 9:50.4.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.1431 [GMT 8:00]
    Running from: c:\users\Cheung\Desktop\ComboFix2.exe
    Command switches used :: c:\users\Cheung\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Cheung\AppData\Local\assembly\tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-19 02:01 . 2012-04-19 02:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-19 02:01 . 2012-04-19 02:01 -------- d-----w- c:\users\Dropbox2\AppData\Local\temp
    2012-04-19 02:01 . 2012-04-19 02:01 -------- d-----w- c:\users\Dropbox1\AppData\Local\temp
    2012-04-19 02:01 . 2012-04-19 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-18 16:16 . 2012-04-19 02:03 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBD91FD9-A8A2-4FD5-911B-6B438F29DA61}\offreg.dll
    2012-04-18 15:05 . 2012-04-18 15:05 -------- d-----w- c:\windows\en
    2012-04-18 14:57 . 2012-03-08 10:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-04-18 14:47 . 2012-04-18 14:47 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-04-18 14:32 . 2012-04-18 14:32 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\1c79d1751cd1d7003\bingbarsetup.exe
    2012-04-18 14:31 . 2012-04-18 14:31 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\f09755031cd1d6f02\MeshBetaRemover.exe
    2012-04-18 14:31 . 2012-04-18 14:31 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebdbcdc31cd1d6f01\DXSETUP.exe
    2012-04-18 14:31 . 2012-04-18 14:31 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebdbcdc31cd1d6f01\DSETUP.dll
    2012-04-18 14:31 . 2012-04-18 14:31 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebdbcdc31cd1d6f01\dsetup32.dll
    2012-04-18 14:21 . 2012-04-18 14:21 -------- d-----w- c:\program files\Evernote
    2012-04-18 13:12 . 2012-04-18 13:12 -------- d-----w- c:\program files\Common Files\xing shared
    2012-04-18 13:10 . 2012-04-18 13:10 -------- d-----w- c:\program files\Foxit Software
    2012-04-18 09:56 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBD91FD9-A8A2-4FD5-911B-6B438F29DA61}\mpengine.dll
    2012-04-18 08:25 . 2012-04-18 08:25 -------- d-----w- c:\users\Cheung\AppData\Roaming\SkypePM
    2012-04-18 01:02 . 2012-04-18 03:00 -------- d-----w- C:\ComboFix
    2012-04-17 12:42 . 2012-04-17 12:42 -------- d-----w- c:\program files\Common Files\Java
    2012-04-17 12:42 . 2012-04-17 12:42 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-04-17 12:30 . 2012-04-17 12:30 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-04-17 12:30 . 2012-04-17 12:30 -------- d-----w- c:\program files\DAEMON Tools Lite
    2012-04-17 03:05 . 2012-04-17 03:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-16 08:00 . 2012-04-16 08:00 -------- d-----w- c:\program files\FileHippo.com
    2012-04-14 10:08 . 2012-04-14 10:08 -------- d-----w- c:\users\Cheung\AppData\Local\adaware
    2012-04-14 10:08 . 2012-04-14 10:08 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2012-04-14 10:07 . 2011-04-05 09:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2012-04-14 10:07 . 2011-04-05 09:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2012-04-14 10:07 . 2011-04-05 09:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
    2012-04-14 10:07 . 2011-02-08 01:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2012-04-14 10:07 . 2012-04-14 10:07 -------- d-----w- c:\programdata\Lavasoft
    2012-04-14 10:07 . 2012-04-18 09:49 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2012-04-14 10:04 . 2012-04-16 09:24 -------- d-----w- c:\users\Cheung\AppData\Roaming\Ad-Aware Antivirus
    2012-04-13 16:34 . 2010-11-26 10:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2012-04-13 16:34 . 2012-04-13 16:34 -------- d-----w- c:\program files\IObit
    2012-04-13 16:29 . 2012-04-13 16:29 -------- d-----w- c:\program files\OpenDrive
    2012-04-12 09:08 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 09:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-12 09:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-12 09:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 08:04 . 2012-04-11 08:04 -------- d--h--w- c:\windows\AxInstSV
    2012-04-11 07:39 . 2012-04-12 09:05 -------- d-----w- c:\users\DB
    2012-04-04 04:16 . 2012-04-04 04:17 -------- d-----w- c:\program files\Megacloud
    2012-04-04 04:08 . 2012-04-04 04:09 -------- d-----w- c:\program files\Spectromancer
    2012-04-04 03:29 . 2012-04-04 03:29 -------- d-----w- c:\users\Cheung\AppData\Local\OpenDrive
    2012-04-03 09:20 . 2012-04-19 06:11 -------- d-----w- c:\users\Cheung\AppData\Roaming\Fiabee
    2012-04-03 09:19 . 2012-04-03 09:19 -------- d-----w- c:\program files\Tuso
    2012-03-26 08:13 . 2012-03-26 08:13 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
    2012-03-26 07:56 . 2012-04-19 01:36 -------- d-----w- c:\users\Cheung\.gstreamer-0.10
    2012-03-26 07:48 . 2012-03-26 07:48 -------- d-----w- c:\programdata\Motorola Media Link
    2012-03-26 07:48 . 2012-03-26 07:48 -------- d-----w- c:\program files\Motorola Mobility
    2012-03-26 07:45 . 2012-04-19 06:11 -------- d-----w- c:\users\Cheung\AppData\Roaming\MotoCast
    2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
    2012-03-22 15:06 . 2006-09-12 04:46 227328 --sha-r- c:\windows\system32\ac3DX.ax
    2012-03-22 15:06 . 2006-08-16 07:53 175104 --sha-r- c:\windows\system32\CoreAAC.ax
    2012-03-22 15:06 . 2006-01-12 16:23 123904 --sha-r- c:\windows\system32\AVCDX.ax
    2012-03-22 15:06 . 2005-02-22 09:55 81920 --sha-r- c:\windows\system32\aac_parser.ax
    2012-03-22 15:06 . 2005-01-17 16:26 179200 --sha-r- c:\windows\system32\DiracSplitter.ax
    2012-03-22 15:06 . 2003-12-07 00:59 97280 --sha-r- c:\windows\system32\FLACDX.ax
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-17 12:43 . 2011-06-26 00:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-17 12:42 . 2011-06-24 23:18 567696 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-17 03:08 . 2011-06-25 11:43 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-03-16 01:48 . 2012-03-16 01:48 1734368 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
    2012-03-14 02:15 . 2011-06-25 03:24 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-03-08 10:50 . 2012-03-08 10:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2012-03-08 10:37 . 2012-03-08 10:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
    2012-03-01 05:37 . 2012-04-12 09:08 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-03-01 05:29 . 2012-04-12 09:08 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-02-28 01:11 . 2012-04-12 09:19 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-17 05:34 . 2012-03-14 13:14 919040 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-02-17 05:34 . 2012-03-14 13:14 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 04:14 . 2012-03-14 13:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:13 . 2012-03-14 13:14 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-14 04:09 . 2012-02-14 04:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-10 09:40 . 2012-02-10 09:41 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20863C96-A9D1-4B85-BB1A-D10691BC006B}\gapaengine.dll
    2012-02-10 05:38 . 2012-03-14 13:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-09 14:43 . 2012-02-09 14:43 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-09 14:43 . 2012-02-09 14:43 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-09 14:43 . 2012-02-09 14:43 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-09 14:43 . 2012-02-09 14:43 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-09 14:43 . 2012-02-09 14:43 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-09 14:43 . 2012-02-09 14:43 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-09 14:43 . 2012-02-09 14:43 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-09 14:43 . 2012-02-09 14:43 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-09 14:43 . 2012-02-09 14:43 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-09 14:43 . 2012-02-09 14:43 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-09 14:43 . 2011-02-22 18:57 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-09 14:43 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-03 03:54 . 2012-03-14 13:19 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 12:44 . 2011-06-24 09:19 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-25 05:58 . 2012-01-25 05:58 23808 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
    2012-01-25 05:57 . 2012-01-25 05:57 24192 ----a-w- c:\windows\system32\drivers\motmodem.sys
    2012-01-25 05:57 . 2012-01-25 05:57 8448 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
    2012-01-25 05:57 . 2012-01-25 05:57 20864 ----a-w- c:\windows\system32\drivers\motccgp.sys
    2012-01-25 05:32 . 2012-03-14 13:13 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 05:32 . 2012-03-14 13:13 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 05:27 . 2012-03-14 13:13 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2006-05-03 03:06 163328 --sha-r- c:\windows\System32\flvDX.dll
    2007-02-21 04:47 31232 --sha-r- c:\windows\System32\msfDX.dll
    2008-03-16 06:30 216064 --sha-r- c:\windows\System32\nbDX.dll
    2010-01-06 16:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AEC5D7C-9BA0-4A13-AB5D-244E4276FC09}]
    2012-01-28 06:44 760136 ----a-w- c:\windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1B5498A8-C09C-43DD-89FC-67803840387E}"= "c:\windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll" [2012-01-28 760136]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
    "{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "c:\program files\GoBox\gobox.dll" [2012-03-02 311296]
    .
    [HKEY_CLASSES_ROOT\clsid\{1b5498a8-c09c-43dd-89fc-67803840387e}]
    [HKEY_CLASSES_ROOT\PrimaDeskPlugin.PrimadeskToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{FC7DF02D-B3FD-440D-B35C-EF63E4EEFB23}]
    [HKEY_CLASSES_ROOT\PrimaDeskPlugin.Primadesk]
    .
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
    "{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "c:\program files\GoBox\gobox.dll" [2012-03-02 311296]
    .
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
    [HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSOComplete]
    @="{F0DEA1E7-0A07-490d-A2F8-6E711A576463}"
    [HKEY_CLASSES_ROOT\CLSID\{F0DEA1E7-0A07-490d-A2F8-6E711A576463}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSODownloading]
    @="{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}"
    [HKEY_CLASSES_ROOT\CLSID\{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03_TUSOInProgress]
    @="{342DF534-1707-4bcb-A8AE-12790BB89C8E}"
    [HKEY_CLASSES_ROOT\CLSID\{342DF534-1707-4bcb-A8AE-12790BB89C8E}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04_TUSOSharedComplete]
    @="{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}"
    [HKEY_CLASSES_ROOT\CLSID\{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05_TUSODefault]
    @="{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}"
    [HKEY_CLASSES_ROOT\CLSID\{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\06_TUSOLink]
    @="{5FD2AA18-24C0-4A27-9824-AC5AF745369E}"
    [HKEY_CLASSES_ROOT\CLSID\{5FD2AA18-24C0-4A27-9824-AC5AF745369E}]
    2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
    @="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
    2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0OpenDrive_ShellOverlayIcon]
    @="{3268FFAC-39F2-4058-BE09-7396DB121F4A}"
    [HKEY_CLASSES_ROOT\CLSID\{3268FFAC-39F2-4058-BE09-7396DB121F4A}]
    2012-03-10 04:04 3153584 ----a-w- c:\program files\OpenDrive\OpenDrive.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
    @="{0367BF0F-7636-43AF-A152-E935D61A0203}"
    [HKEY_CLASSES_ROOT\CLSID\{0367BF0F-7636-43AF-A152-E935D61A0203}]
    2011-12-02 10:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt1]
    @="{A30768B3-9C38-4810-AAC3-422B73A0B25C}"
    [HKEY_CLASSES_ROOT\CLSID\{A30768B3-9C38-4810-AAC3-422B73A0B25C}]
    2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt2]
    @="{906E4756-73EC-4A58-A3B1-461B759D8F7B}"
    [HKEY_CLASSES_ROOT\CLSID\{906E4756-73EC-4A58-A3B1-461B759D8F7B}]
    2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt3]
    @="{5DF1669E-DBBC-4C36-918E-8E470774D7AF}"
    [HKEY_CLASSES_ROOT\CLSID\{5DF1669E-DBBC-4C36-918E-8E470774D7AF}]
    2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
    @="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
    2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
    @="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
    2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
    @="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
    [HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
    2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2011-12-02 10:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
    @="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
    [HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
    2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
    @="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
    [HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
    2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
    @="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
    [HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
    2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
    @="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
    [HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
    2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
     
  5. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"="" [BU]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
    "BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
    "OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
    "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
    "Akamai NetSession Interface"="c:\users\Cheung\AppData\Local\Akamai\netsession_win.exe" [2012-03-12 3331872]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "IDSyncStartup"="c:\idsync\IDSyncStartup.exe" [2011-09-14 95704]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
    "MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-03-26 1981]
    "Livedrive"="c:\program files\Megacloud\Livedrive.exe" [2012-03-16 1636864]
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrayServer"="c:\progra~1\MAGIX\MOVIE_~1\TrayServer_en.exe" [2008-11-13 90112]
    "Zune Launcher"="c:\program files\Zune1\ZuneLauncher.exe" [2011-08-05 159456]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2011-06-08 5694792]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
    "Intel AppUp(SM) center"="c:\program files\IntelAppUp\IntelAppStore\bin\serviceManager.lnk" [2011-06-24 1311]
    "TVEService"="c:\program files\CyberLink\TV Enhance\TVEService.exe" [2009-09-29 226536]
    "PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 148776]
    "PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2009-09-08 177384]
    "CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 202024]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
    "Fiabee"="c:\program files\Tuso\Fiabee Sync\Fiabee.exe" [2012-03-27 9892336]
    "OpenDrive Tray"="c:\program files\OpenDrive\OpenDrive_Tray.exe" [2012-03-10 4341424]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-04-18 296056]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
    .
    c:\users\Dropbox1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Cheung\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24242056]
    .
    c:\users\Dropbox2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
    .
    c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
    EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-3-29 1014112]
    GoBox.lnk - c:\program files\GoBox\gobox_desktop.exe [2012-3-2 491520]
    IDriveSync Tray.lnk - c:\idsync\IDSyncTray.exe [2012-3-2 1775064]
    MangoApps Desktop.lnk - c:\program files\MangoApps Desktop\MangoApps Desktop.exe [2012-3-9 142336]
    MegaCloud.lnk - c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe [2011-11-28 10755728]
    Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    PortableApps.lnk - c:\portable apps\Start.exe [2011-12-8 145920]
    qlock.lnk - c:\program files\Qlock\qlock.exe [2009-2-14 4142080]
    Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-6-27 888832]
    Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-6-27 77824]
    Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-6-27 102400]
    Windows Live Mesh.lnk - c:\program files\Windows Live\Mesh\WLSync.exe [2012-3-8 1449824]
    Wuala.lnk - c:\users\Cheung\AppData\Roaming\Wuala\Wuala.exe [2012-2-27 451504]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
    backup=c:\windows\pss\Orbit.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Cheung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Cheung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
    path=c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
    backup=c:\windows\pss\RocketDock.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-03-26 21:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
    2011-05-20 08:56 724536 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 05:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync]
    2012-03-19 20:32 9413712 ----a-w- c:\program files\SugarSync\SugarSyncManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-07-22 06:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-04-18 13:11 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZuneLyricsHelper]
    2009-09-06 03:19 61952 ----a-w- c:\program files\Zune Addons\Zune Lyrics\ZuneNowPlaying.exe
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R1 ujpmglgd;ujpmglgd;c:\windows\system32\drivers\ujpmglgd.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-20 2214504]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]
    R2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 252576]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 20864]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 8448]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 23808]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11008]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune1\WMZuneComm.exe [2011-08-05 268512]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2011-01-06 13440]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
    S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-16 146904]
    S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-12-02 296336]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-17 242240]
    S1 ISODisk;ISODisk; [x]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
    S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
    S2 IDSyncService;IDSyncService;c:\idsync\IDSyncService.exe [2011-06-09 144856]
    S2 MegacloudVSSService;Megacloud VSS Service;c:\program files\Megacloud\VSSService.exe [2012-03-16 157920]
    S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
    S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
    S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-09-29 464224]
    S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-09-29 189792]
    S2 wrapper;theSkyNet;c:\program files\theSkyNet\wrapper-windows-x86-32.exe [2011-05-25 431896]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-12 49152]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 45288]
    S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [2010-08-11 18288]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
    S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [2010-08-11 70512]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    NETSVCS REQUIRES REPAIRS - current entries shown
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Ias
    Irmon
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Wmi
    WmdmPmSp
    btkrnl
    ADSMService
    viaagp1
    pcx1nd5
    dmboot
    LC7981
    DCamUSBMke
    alcan5wn
    Bcim
    swupdtmr
    SGHIDI
    DcCam
    pcctlcom
    sis162u
    ANC
    logonsvcid
    ftdisk
    usnsvc
    bdss
    icraplus
    F700ius
    zebrceb
    pxfhbus
    s125mdfl
    RDID1007
    SetupSys
    symappcore
    iastor
    btnetfilter
    paamsrv
    vsdatant
    LRMINIPORT
    procexp100
    FA312
    zpcollector
    W700mdfl
    tsdhd
    nvedavt
    p2k
    ctxcpuusync
    SGIR
    atierecord
    unrealircd
    nwlnkipx
    se59unic
    servidor
    ctdvda2k
    ndassvc
    application
    CTERFXFX.DLL
    dlaifs_m
    autocomplete
    AlKernel
    msftesql
    SbcpHid
    cicsclient
    vcommmgr
    avhook
    AcronisOSSReinstallSvc
    SymIM
    contentfilter
    swmidi
    ELmou
    ZY202_XP
    niorbk
    adobeversioncue
    dot4scan
    iviaspi
    hcwPVRP2
    sprtsvc_dellsupportcenter
    wmccds
    nvcap
    MSSQL$AUTODESKVAULT
    cisvc
    ccevtmgr
    tm_cfw
    dlacdbhm
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    wercplsupport
    EapHost
    ProfSvc
    schedule
    hkmsvc
    SessionEnv
    winmgmt
    browser
    Themes
    BDESVC
    AppMgmt
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 12:43]
    .
    2012-04-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-07-22 11:01]
    .
    2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 05:40]
    .
    2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 05:40]
    .
    2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001Core.job
    - c:\users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:17]
    .
    2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001UA.job
    - c:\users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dreamerz.biz/home.htm
    uInternet Settings,ProxyOverride = *.local;192.168.*.*;127.0.0.1:9421;<local>
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Add to Evernote 4 - c:\portable apps\PortableApps\EvernotePortable\App\Evernote\EvernoteIE.dll/204
    IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Linked&In Search - c:\program files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll/ContextMenu.htm
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{8B75A3DC-33D2-42E6-9440-7A1BECF6D031}: DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{BB33D5F5-D7EF-41F9-A0C1-0A3064D53BD4}: NameServer = 208.67.222.222,208.67.220.220
    DPF: {1FAEED48-6C46-4AE6-9686-499858131F2E} - hxxps://www.primadesk.com/primadesk/plugin/npPrimaDeskPlugin.dll
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(7984)
    c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
    c:\program files\RocketDock\RocketDock.dll
    c:\program files\Tuso\Fiabee Sync\LIBEAY32.dll
    c:\program files\Tuso\Fiabee Sync\SSLEAY32.dll
    c:\program files\Tuso\Fiabee Sync\iconv.dll
    c:\program files\OpenDrive\OpenDrive.dll
    c:\program files\OpenDrive\libssh2.dll
    c:\program files\OpenDrive\zlibwapi.dll
    c:\program files\Wuala OverlayIcons\OverlayIcon.dll
    c:\windows\system32\CbFsMntNtf3.dll
    c:\idsync\IDSyncIcon.dll
    c:\program files\Megacloud\LivedriveExtensions.dll
    c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\CbFsNetRdr3.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\System32\SyncCenter.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\java.exe
    c:\idsync\IDSyncCDBManager.exe
    c:\windows\system32\conhost.exe
    c:\idsync\IDSyncSDBManager.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\WUDFHost.exe
    c:\idsync\IDSyncClient.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\program files\IntelAppUp\IntelAppStore\bin\serviceManager.exe
    c:\program files\Motorola Mobility\MotoCast\MotoCast.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\conhost.exe
    c:\idsync\IDSNotifier.exe
    c:\windows\system32\conhost.exe
    c:\portable apps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
    c:\program files\Windows Live\Mesh\MOE.exe
    c:\program files\Hotspot Shield\bin\openvpntray.exe
    c:\portable apps\PortableApps\dropboxportableahk-hr\dropboxportableahk.exe
    c:\portable apps\PortableApps\PortableApps.com\PortableAppsUpdater.exe
    c:\program files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
    c:\portable apps\PortableApps\DropboxPortableAHKNeda\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
    c:\portable apps\PortableApps\DropboxPortableAHK-HR\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-19 14:18:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-19 06:18
    ComboFix2.txt 2012-04-18 04:33
    .
    Pre-Run: 125,846,151,168 bytes free
    Post-Run: 121,115,029,504 bytes free
    .
    - - End Of File - - D899CBCB3FC1F0E20EC2A91A8FAB2B43
     
  6. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    PC doing heaps better... faster (thanks), but I am getting a BSOD when shutting down (I'll get to that one later).

    OTL logfile created on: 20/04/2012 10:10:46 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Cheung\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.25 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 24.56% Memory free
    6.50 Gb Paging File | 3.65 Gb Available in Paging File | 56.15% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 419.99 Gb Total Space | 116.41 Gb Free Space | 27.72% Space Free | Partition Type: NTFS
    Drive D: | 511.52 Gb Total Space | 134.98 Gb Free Space | 26.39% Space Free | Partition Type: NTFS
    Drive E: | 465.75 Gb Total Space | 71.26 Gb Free Space | 15.30% Space Free | Partition Type: NTFS

    Computer Name: CHEUNG-DESKTOP | User Name: Cheung | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/18 21:11:27 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/04/17 23:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2012/04/17 23:19:32 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    PRC - [2012/04/17 20:42:08 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    PRC - [2012/04/17 09:19:19 | 001,506,304 | ---- | M] (nionsoftware) -- C:\Portable Apps\PortableApps\DropboxPortableAHK-HR\DropboxPortableAHK.exe
    PRC - [2012/04/17 09:19:15 | 001,506,304 | ---- | M] (nionsoftware) -- C:\Portable Apps\PortableApps\DropboxPortableAHKNeda\DropboxPortableAHK.exe
    PRC - [2012/04/11 15:06:50 | 010,755,728 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/04/04 13:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/04/04 13:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/29 13:36:30 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2012/03/27 15:19:50 | 009,892,336 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe
    PRC - [2012/03/26 15:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
    PRC - [2012/03/22 19:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Cheung\Desktop\OTL.exe
    PRC - [2012/03/20 04:32:24 | 009,413,712 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
    PRC - [2012/03/16 09:48:46 | 000,157,920 | ---- | M] () -- C:\Program Files\Megacloud\VSSService.exe
    PRC - [2012/03/16 09:45:40 | 001,636,864 | ---- | M] (Livedrive Internet Ltd) -- C:\Program Files\Megacloud\Livedrive.exe
    PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/03/10 12:03:56 | 004,341,424 | ---- | M] (geeNian Inc.) -- C:\Program Files\OpenDrive\OpenDrive_Tray.exe
    PRC - [2012/02/29 10:03:48 | 000,144,896 | ---- | M] (Motorola Mobility Inc.) -- C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
    PRC - [2012/02/29 10:03:46 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
    PRC - [2012/02/27 19:06:40 | 000,451,504 | ---- | M] (LaCie) -- C:\Users\Cheung\AppData\Roaming\Wuala\Wuala.exe
    PRC - [2012/02/16 15:02:22 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
    PRC - [2012/02/15 07:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/02/02 05:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2012/02/02 05:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2012/01/23 12:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2012/01/23 12:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2011/12/08 17:21:38 | 001,896,624 | ---- | M] (PortableApps.com) -- C:\Portable Apps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
    PRC - [2011/11/18 17:01:20 | 001,775,064 | ---- | M] (Pro Softnet Corp.) -- C:\IDSync\IDSyncTray.exe
    PRC - [2011/10/21 17:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2011/09/14 11:36:22 | 002,037,208 | ---- | M] (Pro-Softnet Corporation, U.S.A) -- C:\IDSync\IDSyncClient.exe
    PRC - [2011/09/14 11:35:36 | 000,046,552 | ---- | M] () -- C:\IDSync\IDSyncCDBManager.exe
    PRC - [2011/09/14 11:35:10 | 000,185,816 | ---- | M] () -- C:\IDSync\IDSNotifier.exe
    PRC - [2011/09/02 08:42:06 | 024,194,416 | ---- | M] (Dropbox, Inc.) -- C:\Portable Apps\PortableApps\DropboxPortableAHKNeda\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/09/02 08:42:06 | 024,194,416 | ---- | M] (Dropbox, Inc.) -- C:\Portable Apps\PortableApps\DropboxPortableAHK-HR\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune1\ZuneLauncher.exe
    PRC - [2011/07/21 23:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    PRC - [2011/07/02 02:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    PRC - [2011/07/02 02:38:58 | 000,298,824 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2011/06/24 12:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
    PRC - [2011/06/09 18:20:50 | 000,144,856 | ---- | M] (Pro Softnet Corporation, U.S.A) -- C:\IDSync\IDSyncService.exe
    PRC - [2011/05/26 00:21:10 | 000,431,896 | ---- | M] (Tanuki Software, Ltd.) -- C:\Program Files\theSkyNet\wrapper-windows-x86-32.exe
    PRC - [2011/05/25 08:54:54 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2011/05/25 07:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2011/05/21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2011/05/06 15:57:26 | 000,028,672 | ---- | M] () -- C:\IDSync\IDSyncSDBManager.exe
    PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/04/08 20:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    PRC - [2011/03/15 14:02:05 | 000,901,600 | ---- | M] () -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
    PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/12/01 22:26:40 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files\IntelAppUp\IntelAppStore\bin\serviceManager.exe
    PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/08/30 11:17:50 | 000,090,112 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
    PRC - [2010/06/17 05:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    PRC - [2010/03/15 16:00:46 | 000,102,400 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
    PRC - [2010/03/15 15:33:52 | 000,077,824 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
    PRC - [2010/03/15 15:32:38 | 000,888,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
    PRC - [2009/09/29 17:56:26 | 000,464,224 | ---- | M] () -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
    PRC - [2009/09/29 17:56:26 | 000,189,792 | ---- | M] () -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
    PRC - [2009/09/29 17:56:04 | 000,226,536 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\TV Enhance\TVEService.exe
    PRC - [2009/09/16 11:34:20 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/09/16 11:34:02 | 000,148,776 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
    PRC - [2009/09/08 18:07:24 | 000,177,384 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PlayMovie\PMVService.exe
    PRC - [2009/02/14 14:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
    PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/20 09:44:43 | 000,160,256 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Temp\ZumoLocalGateway.dll4230952433147156053.lib
    MOD - [2012/04/20 09:44:35 | 000,314,368 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Temp\WindowsFolderWatcher.dll1509960396461356576.lib
    MOD - [2012/04/20 09:42:59 | 000,205,824 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Temp\WindowsAPI.dll5528338571454188678.lib
    MOD - [2012/04/19 14:10:58 | 000,509,440 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
    MOD - [2012/04/18 23:25:15 | 000,364,032 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Wuala\Program0\lib.395\jcbfs3.dll
    MOD - [2012/04/18 23:25:15 | 000,165,376 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Wuala\Program0\lib.395\orangevolt-4n-1.1.2.dll
    MOD - [2012/04/12 20:49:37 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll
    MOD - [2012/04/12 20:35:26 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
    MOD - [2012/04/12 20:34:59 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
    MOD - [2012/04/12 20:34:52 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
    MOD - [2012/04/11 15:06:50 | 010,755,728 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe
    MOD - [2012/04/11 15:06:44 | 000,221,840 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
    MOD - [2012/03/29 12:33:34 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
    MOD - [2012/03/29 12:33:34 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
    MOD - [2012/03/27 15:19:50 | 009,892,336 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe
    MOD - [2012/03/27 14:34:08 | 001,070,592 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\ServerTransferLibrary.dll
    MOD - [2012/03/16 09:43:12 | 000,614,912 | ---- | M] () -- C:\Program Files\Megacloud\Livedrive.Localisation.dll
    MOD - [2012/03/10 12:00:48 | 000,090,800 | ---- | M] () -- C:\Program Files\OpenDrive\OpenDrive_ShellUtils.dll
    MOD - [2012/03/07 18:05:30 | 000,350,720 | ---- | M] () -- C:\Program Files\OpenDrive\libcurl.dll
    MOD - [2012/03/07 18:05:00 | 000,166,400 | ---- | M] () -- C:\Program Files\OpenDrive\libssh2.dll
    MOD - [2012/02/29 10:03:48 | 002,009,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll
    MOD - [2012/02/29 10:03:48 | 001,694,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll
    MOD - [2012/02/29 10:03:48 | 001,563,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll
    MOD - [2012/02/29 10:03:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libxml2-2.dll
    MOD - [2012/02/29 10:03:48 | 001,376,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll
    MOD - [2012/02/29 10:03:48 | 000,531,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll
    MOD - [2012/02/29 10:03:48 | 000,363,008 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll
    MOD - [2012/02/29 10:03:48 | 000,196,608 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libwavpack-1.dll
    MOD - [2012/02/29 10:03:48 | 000,187,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll
    MOD - [2012/02/29 10:03:48 | 000,179,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll
    MOD - [2012/02/29 10:03:48 | 000,163,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll
    MOD - [2012/02/29 10:03:48 | 000,150,528 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll
    MOD - [2012/02/29 10:03:48 | 000,149,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtdemux.dll
    MOD - [2012/02/29 10:03:48 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll
    MOD - [2012/02/29 10:03:48 | 000,122,880 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll
    MOD - [2012/02/29 10:03:48 | 000,122,368 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll
    MOD - [2012/02/29 10:03:48 | 000,119,296 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll
    MOD - [2012/02/29 10:03:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtmux.dll
    MOD - [2012/02/29 10:03:48 | 000,091,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll
    MOD - [2012/02/29 10:03:48 | 000,088,064 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll
    MOD - [2012/02/29 10:03:48 | 000,085,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\z.dll
    MOD - [2012/02/29 10:03:48 | 000,083,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll
    MOD - [2012/02/29 10:03:48 | 000,078,336 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
    MOD - [2012/02/29 10:03:48 | 000,074,240 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll
    MOD - [2012/02/29 10:03:48 | 000,073,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll
    MOD - [2012/02/29 10:03:48 | 000,071,680 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
    MOD - [2012/02/29 10:03:48 | 000,067,584 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll
    MOD - [2012/02/29 10:03:48 | 000,061,952 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll
    MOD - [2012/02/29 10:03:48 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
    MOD - [2012/02/29 10:03:48 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
    MOD - [2012/02/29 10:03:48 | 000,054,784 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
    MOD - [2012/02/29 10:03:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
    MOD - [2012/02/29 10:03:48 | 000,051,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
    MOD - [2012/02/29 10:03:48 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
    MOD - [2012/02/29 10:03:48 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
    MOD - [2012/02/29 10:03:48 | 000,048,640 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
    MOD - [2012/02/29 10:03:48 | 000,047,616 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll
    MOD - [2012/02/29 10:03:48 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
    MOD - [2012/02/29 10:03:48 | 000,039,424 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll
    MOD - [2012/02/29 10:03:48 | 000,038,912 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
    MOD - [2012/02/29 10:03:48 | 000,037,888 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll
    MOD - [2012/02/29 10:03:48 | 000,036,864 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll
    MOD - [2012/02/29 10:03:48 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstselector.dll
    MOD - [2012/02/29 10:03:48 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll
    MOD - [2012/02/29 10:03:48 | 000,035,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll
    MOD - [2012/02/29 10:03:48 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
    MOD - [2012/02/29 10:03:48 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll
    MOD - [2012/02/29 10:03:48 | 000,033,280 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll
    MOD - [2012/02/29 10:03:48 | 000,032,768 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
    MOD - [2012/02/29 10:03:48 | 000,032,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll
    MOD - [2012/02/29 10:03:48 | 000,030,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
    MOD - [2012/02/29 10:03:48 | 000,029,696 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll
    MOD - [2012/02/29 10:03:48 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
    MOD - [2012/02/29 10:03:48 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
    MOD - [2012/02/29 10:03:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll
    MOD - [2012/02/29 10:03:48 | 000,026,624 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll
    MOD - [2012/02/29 10:03:48 | 000,025,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll
    MOD - [2012/02/29 10:03:48 | 000,025,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll
    MOD - [2012/02/29 10:03:48 | 000,024,576 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll
    MOD - [2012/02/29 10:03:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll
    MOD - [2012/02/29 10:03:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
    MOD - [2012/02/29 10:03:48 | 000,019,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
    MOD - [2012/02/29 10:03:48 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll
    MOD - [2012/02/29 10:03:48 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
    MOD - [2012/02/29 10:03:48 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
    MOD - [2012/02/29 10:03:48 | 000,017,920 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
    MOD - [2012/02/29 10:03:48 | 000,016,896 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll
    MOD - [2012/02/29 10:03:48 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll
    MOD - [2012/02/29 10:03:48 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
    MOD - [2012/02/29 10:03:48 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
    MOD - [2012/02/29 10:03:48 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
    MOD - [2012/02/29 10:03:48 | 000,013,312 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll
    MOD - [2012/02/29 10:03:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll
    MOD - [2012/02/29 10:03:48 | 000,011,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libshift.dll
    MOD - [2012/02/29 10:03:48 | 000,008,192 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapp.dll
    MOD - [2012/02/29 10:03:46 | 001,520,128 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll
    MOD - [2012/02/29 10:03:46 | 000,682,496 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,563,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
    MOD - [2012/02/29 10:03:46 | 000,331,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libFLAC-8.dll
    MOD - [2012/02/29 10:03:46 | 000,276,992 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libjpeg-8.dll
    MOD - [2012/02/29 10:03:46 | 000,248,352 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
    MOD - [2012/02/29 10:03:46 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
    MOD - [2012/02/29 10:03:46 | 000,199,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,190,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libpng14-14.dll
    MOD - [2012/02/29 10:03:46 | 000,162,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbis-0.dll
    MOD - [2012/02/29 10:03:46 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,125,440 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,123,947 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
    MOD - [2012/02/29 10:03:46 | 000,108,544 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,079,872 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,070,144 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,053,760 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,038,400 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstapp-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,037,376 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
    MOD - [2012/02/29 10:03:46 | 000,023,552 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libogg-0.dll
    MOD - [2012/02/29 10:03:46 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/02/16 15:39:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
    MOD - [2012/02/16 09:43:43 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll
    MOD - [2012/02/16 09:43:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/16 09:43:35 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll
    MOD - [2012/02/16 09:43:34 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
    MOD - [2012/02/16 09:43:34 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll
    MOD - [2012/02/16 09:43:30 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2d379df0010f87d5c3d8c2be00b3de7a\System.DirectoryServices.ni.dll
    MOD - [2012/02/16 09:42:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\74a1075c047edd51ba44cebf5ecf715c\System.Xml.ni.dll
    MOD - [2012/02/16 09:42:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
    MOD - [2012/02/16 09:42:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
    MOD - [2012/02/02 05:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2011/10/19 09:06:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/09/14 11:35:10 | 000,185,816 | ---- | M] () -- C:\IDSync\IDSNotifier.exe
    MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
    MOD - [2011/08/01 15:56:30 | 000,074,240 | ---- | M] () -- C:\Program Files\OpenDrive\zlibwapi.dll
    MOD - [2011/07/28 15:20:34 | 000,270,336 | ---- | M] () -- C:\Program Files\Megacloud\AlphaFS.dll
    MOD - [2011/07/02 02:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    MOD - [2011/07/02 02:39:40 | 000,009,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/03/15 14:02:05 | 000,901,600 | ---- | M] () -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
    MOD - [2011/01/27 00:37:42 | 003,622,128 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\plugin\libbizlplugin.dll
    MOD - [2010/12/01 22:26:38 | 000,195,584 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\libgsoap.dll
    MOD - [2010/12/01 22:26:36 | 000,400,384 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\sqlite3.dll
    MOD - [2010/12/01 22:26:36 | 000,375,808 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\QtXml4.dll
    MOD - [2010/12/01 22:26:36 | 000,322,048 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\log4cplus.dll
    MOD - [2010/12/01 22:26:36 | 000,013,312 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\featureController.dll
    MOD - [2010/12/01 22:26:35 | 002,452,992 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\QtCore4.dll
    MOD - [2010/12/01 22:26:35 | 001,008,640 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\QtNetwork4.dll
    MOD - [2010/12/01 22:26:34 | 000,062,464 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\zlib1.dll
    MOD - [2010/11/05 09:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/07/14 17:34:36 | 000,194,048 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\curllib.dll
    MOD - [2010/07/14 17:34:36 | 000,110,592 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\openldap.dll
    MOD - [2010/07/14 17:34:36 | 000,065,536 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\libsasl.dll
    MOD - [2010/07/14 17:30:44 | 002,099,200 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\QtCore4.dll
    MOD - [2010/07/14 17:23:58 | 007,816,192 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\QtGui4.dll
    MOD - [2010/07/14 16:42:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\zlib1.dll
    MOD - [2010/06/17 05:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    MOD - [2009/09/29 17:56:28 | 000,034,024 | ---- | M] () -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\CLSchedps.dll
    MOD - [2009/09/29 17:56:26 | 000,312,680 | ---- | M] () -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\CLCapEngine.dll
    MOD - [2009/09/29 17:56:26 | 000,042,216 | ---- | M] () -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\CLCapSvcps.dll
    MOD - [2009/09/16 11:34:26 | 000,873,768 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2009/09/16 11:34:16 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvcPS.dll
    MOD - [2009/06/11 05:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2009/02/14 14:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
    MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
    MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavreport.dll -- (zpcollector)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bb-run.dll -- (wmccds)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GVCplDrv.dll -- (vsdatant)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\starwindserviceae.dll -- (viaagp1)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvspydr2.dll -- (unrealircd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (tm_cfw)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fltmgr.dll -- (sprtsvc_dellsupportcenter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\es1371.dll -- (servidor)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tb2launch.dll -- (se59unic)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rimusb.dll -- (procexp100)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UMPass.dll -- (pcx1nd5)
    SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\Windows\system32\svchost.exe -- (pcctlcom)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GcKernel.dll -- (paamsrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2Eunic.dll -- (nwlnkipx)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAMFLT.dll -- (nvcap)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SNMP.dll -- (ndassvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NTIDrvr.dll -- (MSSQL$AUTODESKVAULT)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MaRdPnp.dll -- (LRMINIPORT)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EU3_USB.dll -- (LC7981)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iAimTV5.dll -- (iviaspi)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MailService.dll -- (iastor)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ma_cmidi_installerservice.dll -- (hcwPVRP2)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI -- (Fabs)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58obex.dll -- (FA312)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nimcrpcsu.dll -- (dot4scan)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dmboot.dll -- (dmboot)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSIRCOMM.dll -- (dlacdbhm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlartl_n.dll -- (DCamUSBMke)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\beatjamupnpmusicserver.dll -- (ctdvda2k)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7updsvc.dll -- (cisvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdfdll.dll -- (ccevtmgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATNT40K.dll -- (btkrnl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lktimesync.dll -- (Bcim)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MREMPR5.dll -- (application)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\videX32.dll -- (ADSMService)
    SRV - [2012/04/17 20:43:55 | 000,252,576 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/04/04 13:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/28 12:38:11 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
    SRV - [2012/03/16 09:48:46 | 000,157,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Megacloud\VSSService.exe -- (MegacloudVSSService)
    SRV - [2012/02/16 15:02:22 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
    SRV - [2012/02/02 05:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2012/01/23 12:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2011/10/07 22:41:10 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune1\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune1\WMZuneComm.exe -- (WMZuneComm)
    SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune1\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2011/07/02 02:40:36 | 000,063,976 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2011/07/02 02:38:58 | 000,298,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
     
  8. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/06/09 18:20:50 | 000,144,856 | ---- | M] (Pro Softnet Corporation, U.S.A) [Auto | Running] -- C:\IDSync\IDSyncService.exe -- (IDSyncService)
    SRV - [2011/05/26 00:21:10 | 000,431,896 | ---- | M] (Tanuki Software, Ltd.) [Auto | Running] -- C:\Program Files\theSkyNet\wrapper-windows-x86-32.exe -- (wrapper)
    SRV - [2011/05/25 08:54:54 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2011/05/25 07:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/03/21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/08/30 11:17:50 | 000,090,112 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/09/29 17:56:26 | 000,464,224 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
    SRV - [2009/09/29 17:56:26 | 000,189,792 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
    SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/21 10:01:02 | 000,060,928 | ---- | M] () [Auto | Stopped] -- C:\xampp\service.exe -- (XAMPP)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ujpmglgd.sys -- (ujpmglgd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Cheung\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/04/17 20:30:30 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/01/25 13:58:00 | 000,023,808 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
    DRV - [2012/01/25 13:57:48 | 000,024,192 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
    DRV - [2012/01/25 13:57:44 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2012/01/25 13:57:36 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
    DRV - [2011/12/02 18:37:10 | 000,296,336 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
    DRV - [2011/11/08 12:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
    DRV - [2011/07/28 18:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV - [2011/07/19 21:14:36 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
    DRV - [2011/05/25 07:40:12 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
    DRV - [2011/05/25 07:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
    DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
    DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
    DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV - [2011/01/06 11:29:20 | 000,013,440 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ntcdrdrv.sys -- (ntcdrdrv)
    DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2010/12/02 15:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/12/02 15:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/12/02 15:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/12/02 15:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/11/26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/08/11 17:18:08 | 000,070,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys -- (mvd22)
    DRV - [2010/08/11 17:15:48 | 000,018,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys -- (mdf16)
    DRV - [2010/02/16 12:44:18 | 000,146,904 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs.sys -- (CbFs)
    DRV - [2009/10/13 02:16:02 | 000,049,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
    DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
    DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ISODisk.sys -- (ISODisk)
    DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dreamerz.biz/home.htm
    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 50 6D 54 A2 7D CC 01 [binary data]
    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\SearchScopes\{05799638-0D3B-4e23-9A83-52B86197D709}: "URL" = http://www.linkedin.com/search?search= &reset= &searchOrigin=I&keywords={searchTerms}
    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\SearchScopes\{38B41D2F-5F4C-46E8-8AD1-DC616BCCBE5E}: "URL" = http://www.bigoven.com/private/searchrecipes.aspx?title={searchTerms}&source=IE
    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\SearchScopes\{5C8A9EA7-CF11-4DA1-A65E-81E33B8F1357}: "URL" = http://www.graysonline.com/Search.aspx?q={searchTerms}
    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;127.0.0.1:9421;<local>

    ========== FireFox ==========



    FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_214.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2012/04/20 08:20:05 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Users\Cheung\AppData\Local\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Cheung\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Cheung\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cheung\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cheung\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/02 13:05:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/14 18:02:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/18 21:12:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/02 13:05:06 | 000,000,000 | ---D | M]

    [2012/03/08 22:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Extensions
    [2012/03/08 22:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2011/06/25 13:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Extensions\xulrunner@yoono.com
    [2012/04/18 17:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Firefox\Profiles\tgmbbbcf.default\extensions
    [2012/03/22 23:09:23 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Firefox\Profiles\tgmbbbcf.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    [2011/09/28 12:50:37 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Firefox\Profiles\tgmbbbcf.default\extensions\ffxtlbr@babylon.com
    [2012/03/27 10:05:52 | 000,002,230 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\Mozilla\Firefox\Profiles\tgmbbbcf.default\searchplugins\SearchTheWeb.xml
    [2012/04/18 21:12:02 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Cheung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

    O1 HOSTS File: ([2012/04/19 14:09:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (IEToolbarBHO Class) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (PrimaDesk Login Helper) - {7AEC5D7C-9BA0-4A13-AB5D-244E4276FC09} - C:\Windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll (PrimaDesk, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
    O2 - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\Megacloud\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (PrimadeskToolbar) - {1B5498A8-C09C-43DD-89FC-67803840387E} - C:\Windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll (PrimaDesk, Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (GoBox) - {6A719530-8443-4898-9BC4-69E76B5F1C89} - C:\Program Files\GoBox\gobox.dll (AddOn Exchange, Inc.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (LinkedIn Toolbar) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (GoBox) - {6A719530-8443-4898-9BC4-69E76B5F1C89} - C:\Program Files\GoBox\gobox.dll (AddOn Exchange, Inc.)
    O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (LinkedIn Toolbar) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
    O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Fiabee] C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe ()
    O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files\IntelAppUp\IntelAppStore\bin\serviceManager.lnk ()
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe ()
    O4 - HKLM..\Run: [OpenDrive Tray] C:\Program Files\OpenDrive\OpenDrive_Tray.exe (geeNian Inc.)
    O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\Trayserver_EN.exe (MAGIX AG)
    O4 - HKLM..\Run: [TVEService] C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune1\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [Akamai NetSession Interface] C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [BIBLauncher] C:\Program Files\Business-in-a-Box\BIBLauncher.exe ()
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [IDSyncStartup] C:\IDSync\IDSyncStartup.exe (Pro Softnet Corporation)
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [Livedrive] C:\Program Files\Megacloud\Livedrive.exe (Livedrive Internet Ltd)
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [MotoCast] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoBox.lnk = C:\Program Files\GoBox\gobox_desktop.exe (AddOn Exchange, Inc.)
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDriveSync Tray.lnk = C:\IDSync\IDSyncTray.exe (Pro Softnet Corp.)
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MangoApps Desktop.lnk = C:\Program Files\MangoApps Desktop\MangoApps Desktop.exe ()
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MegaCloud.lnk = C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe ()
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableApps.lnk = C:\Portable Apps\Start.exe (PortableApps.com)
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
    O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = C:\Users\Cheung\AppData\Roaming\Wuala\Wuala.exe (LaCie)
    O4 - Startup: C:\Users\Dropbox1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cheung\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Dropbox2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Add to Evernote 4 - C:\Portable Apps\PortableApps\EvernotePortable\App\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Linked&In Search - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {1FAEED48-6C46-4AE6-9686-499858131F2E} https://www.primadesk.com/primadesk/plugin/npPrimaDeskPlugin.dll (PrimaDesk FileInfo Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B75A3DC-33D2-42E6-9440-7A1BECF6D031}: DhcpNameServer = 208.67.222.222 208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB33D5F5-D7EF-41F9-A0C1-0A3064D53BD4}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
    O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/06/28 11:15:42 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: btkrnl - %systemroot%\system32\ATNT40K.dll File not found
    NetSvcs: ADSMService - %systemroot%\system32\videX32.dll File not found
    NetSvcs: viaagp1 - %systemroot%\system32\starwindserviceae.dll File not found
    NetSvcs: pcx1nd5 - %systemroot%\system32\UMPass.dll File not found
    NetSvcs: dmboot - %systemroot%\system32\dmboot.dll File not found
    NetSvcs: LC7981 - %systemroot%\system32\EU3_USB.dll File not found
    NetSvcs: DCamUSBMke - %systemroot%\system32\dlartl_n.dll File not found
    NetSvcs: alcan5wn - File not found
    NetSvcs: Bcim - %systemroot%\system32\lktimesync.dll File not found
    NetSvcs: swupdtmr - File not found
    NetSvcs: SGHIDI - File not found
    NetSvcs: DcCam - File not found
    NetSvcs: pcctlcom - \.\globalroot\C:\Windows\system32\svchost.exe File not found
    NetSvcs: sis162u - File not found
    NetSvcs: ANC - File not found
    NetSvcs: logonsvcid - File not found
    NetSvcs: ftdisk - File not found
    NetSvcs: usnsvc - File not found
    NetSvcs: bdss - File not found
    NetSvcs: icraplus - File not found
    NetSvcs: F700ius - File not found
    NetSvcs: zebrceb - File not found
    NetSvcs: pxfhbus - File not found
    NetSvcs: s125mdfl - File not found
    NetSvcs: RDID1007 - File not found
    NetSvcs: SetupSys - File not found
    NetSvcs: symappcore - File not found
    NetSvcs: iastor - %systemroot%\system32\MailService.dll File not found
    NetSvcs: btnetfilter - File not found
    NetSvcs: paamsrv - %systemroot%\system32\GcKernel.dll File not found
    NetSvcs: vsdatant - %systemroot%\system32\GVCplDrv.dll File not found
    NetSvcs: LRMINIPORT - %systemroot%\system32\MaRdPnp.dll File not found
    NetSvcs: procexp100 - %systemroot%\system32\rimusb.dll File not found
    NetSvcs: FA312 - %systemroot%\system32\se58obex.dll File not found
    NetSvcs: zpcollector - %systemroot%\system32\pavreport.dll File not found
    NetSvcs: W700mdfl - File not found
    NetSvcs: tsdhd - File not found
    NetSvcs: nvedavt - File not found
    NetSvcs: p2k - File not found
    NetSvcs: ctxcpuusync - File not found
    NetSvcs: SGIR - File not found
    NetSvcs: atierecord - File not found
    NetSvcs: unrealircd - %systemroot%\system32\cvspydr2.dll File not found
    NetSvcs: nwlnkipx - %systemroot%\system32\se2Eunic.dll File not found
    NetSvcs: se59unic - %systemroot%\system32\tb2launch.dll File not found
    NetSvcs: servidor - %systemroot%\system32\es1371.dll File not found
    NetSvcs: ctdvda2k - %systemroot%\system32\beatjamupnpmusicserver.dll File not found
    NetSvcs: ndassvc - %systemroot%\system32\SNMP.dll File not found
    NetSvcs: application - %systemroot%\system32\MREMPR5.dll File not found
    NetSvcs: CTERFXFX.DLL - File not found
    NetSvcs: dlaifs_m - File not found
    NetSvcs: autocomplete - File not found
    NetSvcs: AlKernel - File not found
    NetSvcs: msftesql - File not found
    NetSvcs: SbcpHid - File not found
    NetSvcs: cicsclient - File not found
    NetSvcs: vcommmgr - File not found
    NetSvcs: avhook - File not found
    NetSvcs: AcronisOSSReinstallSvc - File not found
    NetSvcs: SymIM - File not found
    NetSvcs: contentfilter - File not found
    NetSvcs: swmidi - File not found
    NetSvcs: ELmou - File not found
    NetSvcs: ZY202_XP - File not found
    NetSvcs: niorbk - File not found
    NetSvcs: adobeversioncue - File not found
    NetSvcs: dot4scan - %systemroot%\system32\nimcrpcsu.dll File not found
    NetSvcs: iviaspi - %systemroot%\system32\iAimTV5.dll File not found
    NetSvcs: hcwPVRP2 - %systemroot%\system32\ma_cmidi_installerservice.dll File not found
    NetSvcs: sprtsvc_dellsupportcenter - %systemroot%\system32\fltmgr.dll File not found
    NetSvcs: wmccds - %systemroot%\system32\bb-run.dll File not found
    NetSvcs: nvcap - %systemroot%\system32\CAMFLT.dll File not found
    NetSvcs: MSSQL$AUTODESKVAULT - %systemroot%\system32\NTIDrvr.dll File not found
    NetSvcs: cisvc - %systemroot%\system32\avg7updsvc.dll File not found
    NetSvcs: ccevtmgr - %systemroot%\system32\bdfdll.dll File not found
    NetSvcs: tm_cfw - %systemroot%\system32\carboniteservice.dll File not found
    NetSvcs: dlacdbhm - %systemroot%\system32\MSIRCOMM.dll File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/20 09:44:08 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{DB68AF3D-8A70-4B10-BB2C-CEDF38EA1BED}
    [2012/04/20 09:43:35 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{AF480C92-5A54-4357-A2B1-729B0A22AE43}
    [2012/04/19 16:46:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\CatRoot_bak
    [2012/04/19 16:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2012/04/19 16:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2012/04/19 16:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/19 16:23:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/04/19 16:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/04/19 16:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Download Manager
    [2012/04/19 16:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
    [2012/04/19 14:11:34 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{53D5BB11-4F50-4365-9F22-C45CECE8EEC6}
    [2012/04/19 14:11:06 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{B02622FA-5E7B-418A-97EC-E8FCB1DA2D37}
     
  9. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    [2012/04/19 14:09:51 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/04/18 23:56:11 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{3B155616-3D79-451F-99F8-04433A2173A4}
    [2012/04/18 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{B955F603-71FE-43FD-AFE8-73472388F4AA}
    [2012/04/18 23:05:53 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/04/18 22:47:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    [2012/04/18 22:47:27 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/04/18 22:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/04/18 22:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    [2012/04/18 22:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
    [2012/04/18 22:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/04/18 21:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/04/18 21:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2012/04/18 21:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
    [2012/04/18 17:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/04/18 17:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
    [2012/04/18 17:17:42 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{3B234D68-3F97-48B6-AFCC-4C043068A38E}
    [2012/04/18 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\SkypePM
    [2012/04/18 12:01:52 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{E8EC141A-A6F7-4AB2-AEF4-406BCE067A6E}
    [2012/04/18 10:27:49 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{1ECD6EEA-492D-48DE-819C-8DA95A3F9850}
    [2012/04/18 09:59:58 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{68B96AF3-67B5-4A4C-A36D-A02342AAAB00}
    [2012/04/18 09:03:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/18 09:03:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/18 09:03:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/18 09:02:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/18 09:02:53 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/18 09:01:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/18 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{9EE2CF1B-F63D-4DBE-B672-8F72B3623F92}
    [2012/04/17 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{43F20C6D-EBFE-412C-B5CC-AED5B457B242}
    [2012/04/17 20:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/04/17 20:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    [2012/04/17 20:30:30 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2012/04/17 20:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2012/04/17 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{B48316D6-C584-49A4-9241-3FBE8AE1E7A9}
    [2012/04/17 16:02:07 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Cheung\Desktop\boot_cleaner.exe
    [2012/04/17 11:55:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Cheung\Desktop\aswMBR.exe
    [2012/04/17 11:11:30 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{56F14DDE-0F99-49BC-A42A-A91A4976B6AF}
    [2012/04/17 11:05:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/17 09:08:57 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{C930C657-C4D5-419A-BDCE-CCDE68B3A091}
    [2012/04/16 21:48:32 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{1B72F4AF-DAFA-47C1-B040-23068B05EC36}
    [2012/04/16 17:23:20 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{48D69A34-2EEC-4C24-A449-A56634FB87D6}
    [2012/04/16 16:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
    [2012/04/16 15:57:17 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Cheung\Desktop\TFC.exe
    [2012/04/16 15:54:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Cheung\Desktop\OTL.exe
    [2012/04/16 13:47:40 | 004,466,721 | R--- | C] (Swearware) -- C:\Users\Cheung\Desktop\ComboFix2.exe
    [2012/04/16 13:31:33 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{D2D99226-CC43-4594-957D-0B2643789272}
    [2012/04/16 10:29:05 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{BF4A0660-038F-4325-BD0C-301A2B0796D6}
    [2012/04/15 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{C79FA9A6-6601-4446-BFC2-B73ABCA802FD}
    [2012/04/15 17:53:53 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{3F0BF5B6-C2C6-468D-A253-B5F897315C2E}
    [2012/04/14 18:52:30 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cool Remote
    [2012/04/14 18:40:03 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{A5B6A3D7-C0BB-402D-A787-D607CEED761C}
    [2012/04/14 18:08:06 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\adaware
    [2012/04/14 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2012/04/14 18:07:52 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys
    [2012/04/14 18:07:39 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys
    [2012/04/14 18:07:21 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys
    [2012/04/14 18:07:21 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys
    [2012/04/14 18:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2012/04/14 18:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
    [2012/04/14 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Ad-Aware Antivirus
    [2012/04/14 17:21:32 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{1E392024-CDA3-49EC-93EB-B0DE7AF0972C}
    [2012/04/14 00:34:12 | 000,029,016 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
    [2012/04/14 00:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
    [2012/04/14 00:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2012/04/14 00:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDrive
    [2012/04/14 00:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDrive
    [2012/04/14 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{D6112BD0-2AF7-4B0C-8E20-FAE1BB86F637}
    [2012/04/12 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{92DA621C-FF95-4BA4-ABA2-E7B205A5D782}
    [2012/04/11 16:04:38 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
    [2012/04/10 14:47:33 | 000,000,000 | -HSD | C] -- C:\~LD
    [2012/04/10 14:41:25 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{60169B06-6F8A-498A-A7B9-643FFF6D2957}
    [2012/04/09 20:47:08 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{D6EAA220-7A43-4177-A20E-7C8254733C84}
    [2012/04/08 15:46:52 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{6629C97C-6288-42A9-8761-BB259B2D4764}
    [2012/04/08 15:44:15 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{DF38BF77-5464-466A-9BAE-D5CE7F1B42DE}
    [2012/04/08 14:20:00 | 000,000,000 | ---D | C] -- C:\Users\Cheung\Documents\EverioBackup
    [2012/04/08 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\Cheung\Documents\MakeDiscVideo
    [2012/04/08 14:19:44 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\PCM4Everio
    [2012/04/08 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{EC6D206D-3F26-43D4-AFD5-2218779EC910}
    [2012/04/08 14:04:15 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{1185EBEB-4016-40FB-AA88-495E84239EB3}
    [2012/04/04 17:29:29 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
    [2012/04/04 16:37:06 | 000,000,000 | ---D | C] -- C:\xampp
    [2012/04/04 12:17:30 | 000,146,904 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\cbfs.sys
    [2012/04/04 12:16:34 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\Megacloud
    [2012/04/04 12:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Megacloud
    [2012/04/04 12:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Megacloud
    [2012/04/04 12:14:23 | 000,000,000 | R--D | C] -- C:\Users\Cheung\Documents\Fiabee
    [2012/04/04 12:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiabee
    [2012/04/04 12:09:22 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spectromancer
    [2012/04/04 12:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spectromancer
    [2012/04/04 12:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spectromancer
    [2012/04/04 11:29:13 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\OpenDrive
    [2012/04/03 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Fiabee
    [2012/04/03 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Tuso
    [2012/03/27 22:25:40 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{BCAA9F1D-1F32-4204-958A-78CE64E21FCF}
    [2012/03/26 16:14:29 | 000,000,000 | ---D | C] -- C:\Users\Cheung\Documents\Podcast
    [2012/03/26 15:56:44 | 000,000,000 | ---D | C] -- C:\Users\Cheung\.gstreamer-0.10
    [2012/03/26 15:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola Media Link
    [2012/03/26 15:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Mobility
    [2012/03/26 15:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Mobility
    [2012/03/26 15:45:56 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\MotoCast
    [2012/03/22 23:10:04 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{B11F8463-3B3C-4EFA-922C-AD55657175C5}
    [2012/03/22 23:07:02 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
    [2012/03/22 23:07:02 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
    [2012/03/22 23:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
    [2012/03/22 23:07:01 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
    [2012/03/22 23:07:01 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
    [2012/03/22 23:07:01 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
    [2012/03/22 23:07:01 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
    [2012/03/22 23:07:01 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
    [2012/03/22 23:07:01 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
    [2012/03/22 23:07:00 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
    [2012/03/22 23:07:00 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
    [2012/03/22 23:06:59 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
    [2012/03/22 23:06:59 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
    [2012/03/22 22:30:17 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{367D2617-E872-4FEA-8773-9F8476790042}
    [2011/07/16 20:57:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Cheung\AppData\Roaming\pcouffin.sys
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Users\Cheung\AppData\Local\*.tmp files -> C:\Users\Cheung\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/20 09:43:59 | 000,000,952 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MegaCloud.lnk
    [2012/04/20 09:42:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/20 09:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001UA.job
    [2012/04/20 09:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/20 09:18:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/20 08:29:19 | 000,026,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/20 08:29:19 | 000,026,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/20 08:20:52 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2012/04/20 08:20:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/20 08:20:05 | 382,878,248 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/04/20 08:20:03 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/19 16:46:04 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2012/04/19 16:30:24 | 000,671,726 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/19 16:30:24 | 000,128,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/19 16:21:02 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Download Manager.lnk
    [2012/04/19 14:09:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/04/19 11:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/04/19 10:21:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001Core.job
    [2012/04/18 22:36:28 | 000,001,345 | ---- | M] () -- C:\Users\Cheung\Desktop\Media Center.lnk
    [2012/04/18 22:21:24 | 000,001,069 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    [2012/04/18 22:21:08 | 000,000,894 | ---- | M] () -- C:\Users\Cheung\Desktop\Evernote.lnk
    [2012/04/18 21:11:31 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
    [2012/04/18 17:48:34 | 000,002,138 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/04/18 17:47:46 | 000,000,981 | ---- | M] () -- C:\Users\Cheung\Desktop\Orbit.lnk
    [2012/04/18 03:57:01 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\Cheung\Desktop\ComboFix2.exe
    [2012/04/17 20:39:20 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/04/17 20:30:30 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2012/04/17 16:01:37 | 000,000,512 | ---- | M] () -- C:\Users\Cheung\Desktop\MBR.dat
    [2012/04/17 12:03:34 | 000,044,607 | ---- | M] () -- C:\Users\Cheung\Desktop\bootkit_remover(1).zip
    [2012/04/17 08:19:08 | 000,000,512 | ---- | M] () -- C:\Users\Cheung\Documents\MBR.dat
    [2012/04/16 15:57:04 | 000,047,810 | ---- | M] () -- C:\Users\Cheung\Desktop\SecurityCheck.exe
    [2012/04/16 13:47:51 | 000,044,607 | ---- | M] () -- C:\Users\Cheung\Desktop\bootkit_remover.zip
    [2012/04/14 23:22:17 | 000,001,190 | ---- | M] () -- C:\Windows\System32\ServiceConfig.xml
    [2012/04/14 23:22:16 | 000,001,682 | ---- | M] () -- C:\Windows\System32\EmailAVConfig.xml
    [2012/04/14 18:02:47 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    [2012/04/14 00:34:12 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
    [2012/04/14 00:29:45 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\OpenDrive.lnk
    [2012/04/12 21:49:19 | 000,001,073 | ---- | M] () -- C:\Users\Cheung\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2012/04/10 18:21:19 | 000,501,478 | ---- | M] () -- C:\Users\Cheung\Desktop\FCO-STEAM COAL GCV 6000-5800 ADB1.pdf
    [2012/04/10 18:19:15 | 000,190,955 | ---- | M] () -- C:\Users\Cheung\Desktop\FCO-STEAM COAL GCV 6000-5800 ADB.pdf
    [2012/04/04 17:29:29 | 000,000,614 | ---- | M] () -- C:\Users\Cheung\Desktop\XAMPP Control Panel.lnk
    [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/04/04 12:16:35 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Megacloud Control Panel.lnk
    [2012/04/04 12:14:15 | 000,002,583 | ---- | M] () -- C:\Users\Public\Desktop\Fiabee Sync.lnk
    [2012/03/28 18:09:37 | 000,028,363 | ---- | M] () -- C:\Users\Cheung\Desktop\Salpac Reimbursement Form.pdf
    [2012/03/27 10:21:56 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
    [2012/03/23 10:18:08 | 000,043,356 | ---- | M] () -- C:\Users\Cheung\Desktop\HCF Receipt 23-03-2012pdf.pdf
    [2012/03/22 23:09:38 | 000,010,774 | ---- | M] () -- C:\END
    [2012/03/22 19:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Cheung\Desktop\OTL.exe
    [2012/03/22 10:21:20 | 000,000,000 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\bibstats
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Users\Cheung\AppData\Local\*.tmp files -> C:\Users\Cheung\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/19 16:46:04 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2012/04/19 16:21:02 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Download Manager.lnk
    [2012/04/18 22:50:58 | 000,001,219 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2012/04/18 22:49:21 | 000,001,288 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2012/04/18 22:42:23 | 000,001,372 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2012/04/18 22:37:18 | 000,002,400 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/04/18 22:36:28 | 000,001,345 | ---- | C] () -- C:\Users\Cheung\Desktop\Media Center.lnk
    [2012/04/18 22:21:24 | 000,001,069 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    [2012/04/18 22:21:08 | 000,000,894 | ---- | C] () -- C:\Users\Cheung\Desktop\Evernote.lnk
    [2012/04/18 09:03:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/18 09:03:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/18 09:03:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/18 09:03:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/18 09:03:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/17 20:39:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/04/17 16:01:37 | 000,000,512 | ---- | C] () -- C:\Users\Cheung\Desktop\MBR.dat
    [2012/04/17 12:03:52 | 000,044,607 | ---- | C] () -- C:\Users\Cheung\Desktop\bootkit_remover(1).zip
    [2012/04/17 09:33:04 | 000,302,592 | ---- | C] () -- C:\Users\Cheung\Desktop\gmer.exe
    [2012/04/17 08:19:08 | 000,000,512 | ---- | C] () -- C:\Users\Cheung\Documents\MBR.dat
    [2012/04/16 16:00:32 | 000,001,917 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
    [2012/04/16 15:57:04 | 000,047,810 | ---- | C] () -- C:\Users\Cheung\Desktop\SecurityCheck.exe
    [2012/04/16 15:56:48 | 000,337,137 | ---- | C] () -- C:\Users\Cheung\Desktop\FSS.exe
    [2012/04/16 13:47:53 | 000,044,607 | ---- | C] () -- C:\Users\Cheung\Desktop\bootkit_remover.zip
    [2012/04/14 23:22:17 | 000,001,190 | ---- | C] () -- C:\Windows\System32\ServiceConfig.xml
    [2012/04/14 23:22:16 | 000,001,682 | ---- | C] () -- C:\Windows\System32\EmailAVConfig.xml
    [2012/04/14 00:34:12 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
    [2012/04/14 00:34:12 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
    [2012/04/14 00:29:45 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\OpenDrive.lnk
    [2012/04/10 18:21:19 | 000,501,478 | ---- | C] () -- C:\Users\Cheung\Desktop\FCO-STEAM COAL GCV 6000-5800 ADB1.pdf
    [2012/04/10 18:19:15 | 000,190,955 | ---- | C] () -- C:\Users\Cheung\Desktop\FCO-STEAM COAL GCV 6000-5800 ADB.pdf
    [2012/04/04 17:29:29 | 000,000,614 | ---- | C] () -- C:\Users\Cheung\Desktop\XAMPP Control Panel.lnk
    [2012/04/04 13:26:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/04 12:16:35 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Megacloud Control Panel.lnk
    [2012/04/04 12:14:14 | 000,002,583 | ---- | C] () -- C:\Users\Public\Desktop\Fiabee Sync.lnk
    [2012/03/28 18:09:37 | 000,028,363 | ---- | C] () -- C:\Users\Cheung\Desktop\Salpac Reimbursement Form.pdf
    [2012/03/23 10:18:08 | 000,043,356 | ---- | C] () -- C:\Users\Cheung\Desktop\HCF Receipt 23-03-2012pdf.pdf
    [2012/03/22 23:09:34 | 000,010,774 | ---- | C] () -- C:\END
    [2012/03/22 23:09:00 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
    [2012/03/22 23:07:01 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax
    [2012/03/22 23:07:01 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
    [2012/03/22 23:07:01 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
    [2012/03/22 23:07:00 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
    [2012/03/22 23:07:00 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
    [2012/03/22 23:07:00 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
    [2012/03/22 23:06:59 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
    [2012/03/22 23:06:59 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
    [2012/03/22 23:06:59 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
    [2012/03/22 23:06:59 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
    [2012/03/02 10:58:25 | 000,026,072 | ---- | C] () -- C:\Windows\System32\IDSyncXceedCryReg.exe
    [2012/03/02 10:58:23 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2011/11/25 18:19:25 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011/11/25 18:17:53 | 000,033,019 | ---- | C] () -- C:\Windows\System32\CoreAAC-uninstall.exe
    [2011/11/25 18:14:38 | 000,000,259 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\burnaware.ini
    [2011/11/21 09:29:44 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/11/21 09:29:44 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/10/13 16:34:51 | 000,009,600 | ---- | C] () -- C:\Windows\System32\drivers\ISODisk.sys
    [2011/10/05 16:22:22 | 000,000,000 | ---- | C] () -- C:\Users\Cheung\AppData\Local\{213B2093-6964-4C9C-8C3B-01C9A07DBE5F}
    [2011/10/04 14:34:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/09/28 23:01:41 | 000,000,196 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/09/28 13:01:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
    [2011/09/11 22:28:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/09/10 16:01:09 | 000,000,048 | ---- | C] () -- C:\Windows\REGKEYNT.INI
    [2011/08/10 09:56:38 | 000,001,456 | ---- | C] () -- C:\Users\Cheung\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/08/03 16:33:36 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2011/07/22 14:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\bibstats
    [2011/07/21 20:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/07/16 20:57:02 | 000,087,608 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\inst.exe
    [2011/07/16 20:57:02 | 000,007,887 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\pcouffin.cat
    [2011/07/16 20:57:02 | 000,001,144 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\pcouffin.inf
    [2011/07/16 16:22:14 | 000,014,946 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\ekiga.conf
    [2011/07/02 13:51:41 | 000,038,438 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/07/02 13:43:39 | 000,059,904 | ---- | C] () -- C:\Users\Cheung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/25 19:44:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/06/25 19:43:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

    ========== LOP Check ==========

    [2012/04/16 17:24:07 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Ad-Aware Antivirus
    [2012/03/16 16:28:16 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\AUSkey
    [2012/03/13 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Box.Net
    [2011/09/14 13:25:41 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\calibre
    [2011/09/03 22:25:44 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Canon
    [2012/02/16 11:32:34 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\DAEMON Tools Lite
    [2011/09/13 14:40:44 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\devede
    [2012/04/20 09:43:40 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Dropbox
    [2011/10/13 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Engage.30494F64709E2F035F2CF77E15FD7FCC2DF52FFE.1
    [2012/04/20 09:43:37 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Fiabee
    [2011/11/30 16:25:35 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Foxit Software
    [2011/07/16 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\GetRightToGo
    [2011/06/27 10:49:43 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\GrabPro
    [2012/04/18 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\gtk-2.0
    [2011/09/02 18:19:14 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Image Zone Express
    [2011/09/27 10:26:06 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\ImgBurn
    [2012/04/14 00:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\IObit
    [2011/10/12 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\LinkedIn
    [2011/09/28 22:36:35 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\MAGIX
    [2012/04/20 10:17:13 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\MegaCloud
    [2012/04/20 09:45:09 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\MotoCast
    [2012/03/26 16:15:55 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\motorola
    [2012/03/13 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Mp3tag
    [2011/07/02 13:14:34 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Nokia
    [2011/07/02 13:14:34 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Nokia Ovi Suite
    [2011/07/02 10:34:55 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\OpenCandy
    [2011/10/05 16:46:58 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\OpenDNS Updater
    [2012/04/19 16:26:52 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Orbit
    [2011/07/02 10:50:46 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\PC Suite
    [2011/12/30 09:56:40 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\PFStaticIP
    [2011/08/29 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\PowerCinema
    [2011/08/27 11:32:02 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Printer Info Cache
    [2011/09/28 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\ProgSense
    [2011/11/28 10:32:39 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\ProtectDISC
    [2011/06/26 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Qlock
    [2011/06/25 13:39:59 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Softland
    [2011/09/10 22:13:17 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Thinstall
    [2012/03/08 22:53:08 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\TomTom
    [2011/07/12 10:10:37 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\TuneUpMedia
    [2011/11/15 13:58:27 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\uTorrent
    [2011/07/16 20:57:02 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Vso
    [2012/03/02 11:02:28 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Wuala
    [2012/04/11 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\Dropbox
    [2011/06/28 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\GrabPro
    [2011/11/03 16:37:23 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\LinkedIn
    [2011/10/02 09:18:45 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\Orbit
    [2011/08/08 18:27:52 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\PC Suite
    [2011/10/02 09:13:58 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\PowerCinema
    [2011/10/02 09:14:01 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\ProgSense
    [2012/04/11 14:41:06 | 000,000,000 | ---D | M] -- C:\Users\Dropbox2\AppData\Roaming\Dropbox
    [2011/10/04 08:59:07 | 000,000,000 | ---D | M] -- C:\Users\Dropbox2\AppData\Roaming\Orbit
    [2011/10/02 09:25:16 | 000,000,000 | ---D | M] -- C:\Users\Dropbox2\AppData\Roaming\PC Suite
    [2011/10/02 09:25:11 | 000,000,000 | ---D | M] -- C:\Users\Dropbox2\AppData\Roaming\PowerCinema
    [2011/10/02 09:25:13 | 000,000,000 | ---D | M] -- C:\Users\Dropbox2\AppData\Roaming\ProgSense
    [2012/04/19 09:26:14 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2012/04/19 14:18:13 | 000,050,193 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/11 05:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/07/03 22:08:13 | 000,000,000 | ---- | M] () -- C:\cscript
    [2012/03/22 23:09:38 | 000,010,774 | ---- | M] () -- C:\END
    [2012/04/20 08:20:03 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/04 08:50:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/06/27 15:23:33 | 000,000,114 | ---- | M] () -- C:\ISF_ID.dat
    [2011/10/04 10:05:40 | 1858,338,815 | ---- | M] () -- C:\LER0AAW1.iso
    [2011/07/16 20:08:10 | 000,001,060 | ---- | M] () -- C:\libSRTP_log.txt
    [2011/10/04 08:50:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/04/20 08:20:06 | 3488,735,232 | -HS- | M] () -- C:\pagefile.sys
    [2012/04/17 11:05:54 | 000,174,216 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_17.04.2012_11.03.01_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 12:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 12:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 12:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 12:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 05:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2010/05/16 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPDA5.DLL
    [2010/05/16 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPPA5.DLL
    [2009/07/14 09:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
    [2009/07/14 09:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2010/11/20 20:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 12:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/25 08:10:02 | 000,000,221 | -HS- | M] () -- C:\Users\Cheung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2001/06/18 21:12:58 | 000,115,200 | ---- | M] (Adaptec) -- C:\Users\Cheung\Desktop\aspichk.exe
    [2012/03/14 03:14:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Cheung\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Cheung\Desktop\boot_cleaner.exe
    [2012/04/18 03:57:01 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\Cheung\Desktop\ComboFix2.exe
    [2012/03/02 00:32:20 | 000,337,137 | ---- | M] () -- C:\Users\Cheung\Desktop\FSS.exe
    [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Cheung\Desktop\gmer.exe
    [2012/03/22 19:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Cheung\Desktop\OTL.exe
    [2012/04/16 15:57:04 | 000,047,810 | ---- | M] () -- C:\Users\Cheung\Desktop\SecurityCheck.exe
    [2010/07/18 12:46:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Cheung\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/20 09:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/19 11:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/04/20 09:42:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/20 10:18:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/19 10:21:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001Core.job
    [2012/04/20 09:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001UA.job
    [2012/04/20 08:20:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/19 09:26:14 | 000,032,640 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 05:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/10/04 22:03:17 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/10/04 22:03:17 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/09/01 10:36:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/09/01 10:36:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 09:48:29 | 000,000,402 | -HS- | M] () -- C:\Users\Cheung\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/08/27 11:33:09 | 000,000,395 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-17 10:23:52

    < >
    < End of report >
     
  10. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    OTL Extras logfile created on: 20/04/2012 10:10:46 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Cheung\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.25 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 24.56% Memory free
    6.50 Gb Paging File | 3.65 Gb Available in Paging File | 56.15% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 419.99 Gb Total Space | 116.41 Gb Free Space | 27.72% Space Free | Partition Type: NTFS
    Drive D: | 511.52 Gb Total Space | 134.98 Gb Free Space | 26.39% Space Free | Partition Type: NTFS
    Drive E: | 465.75 Gb Total Space | 71.26 Gb Free Space | 15.30% Space Free | Partition Type: NTFS

    Computer Name: CHEUNG-DESKTOP | User Name: Cheung | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "['{F634E3D7-B968-497B-A888-685597C901F6}']" = Spectromancer: Truth and Beauty
    "{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048696C5-327D-40C4-8721-4EFA1943E8B3}" = Megacloud
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{05CDC06E-4C55-4EAE-9401-8EF62F60CB69}" = Microsoft XNA Game Studio 4.0 Refresh (Visual Studio)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CD62E62-BB98-358E-A807-819354016E05}" = Windows Phone Emulator - ENU
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
    "{12B8E200-99CC-4203-A8D1-4145FC4D0192}" = Microsoft Expression Blend SDK for Windows Phone OS 7.1
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1976B721-8F15-4B86-92D2-725364AF8CE0}" = AUSkey software 1.4.0.3
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19DC7E0D-9703-4E1D-93D3-1FFF8176CDA9}" = Box for Office
    "{1C08D214-A427-A092-0637-8DCE57275145}" = Shufflr
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
    "{1EFAF492-9A3B-48C3-9349-234B146FDA46}" = LCP 5.04
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A07AA78-79DB-11E1-8313-984BE15F174E}" = Evernote v. 4.5.4
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{305948E4-AA03-C654-E587-EE9A17B4E78E}" = MangoApps Desktop
    "{31F6B2A6-B951-4485-8841-787A6F117529}" = My Little Artist
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34C147B6-35DF-467E-B720-2F1B2C7F47F1}" = SugarSync for Outlook
    "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
    "{3F41BA46-09C3-4500-96D7-DC4390AD0124}" = Acrobat X Suite
    "{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{46757FE3-EF22-41BA-A359-2D6CEBC74805}" = Zune Lyrics
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
    "{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{571F75D1-E004-5843-2DA6-12EF943D8B6C}" = Bubblins 2
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5985DFB7-F04C-4EC5-820A-FD3C56E23A5B}" = OpenDrive
    "{5B0E58BD-1F06-4A17-80FB-7C93C5FD039B}" = Lyrics Plugin for iTunes
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{6188052A-97FF-04EA-0480-A6A7FE9011D2}" = Deathrace
    "{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
    "{656458ED-DA77-4C82-AF2F-1640C191A2A7}" = Microsoft Advertising SDK for Windows Phone - ENU
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{69B6B9E1-A5DF-3177-2B1D-3B672F29EF86}" = Adobe Captivate Quiz Results Analyzer
    "{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
    "{6A7387C0-B74F-47D0-A217-B384E55FE0C9}" = Microsoft XNA Game Studio 4.0 Refresh (Redists)
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{6F33C2E2-5E02-4344-90BC-ED55C48341D2}" = WCF Data Services SDK for Windows Phone
    "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{786D445C-F3D7-35D2-81AA-60DB61F9F552}" = Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
    "{7BB7C284-EBBF-4FBA-9EA9-D277CF94FADD}" = Bubble Breaker
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "{8432FFD1-6F4D-F9B8-D641-5932E60359A2}" = Adobe Captivate Reviewer
    "{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{89690B51-2E21-4E93-914E-F9CAC5B24A84}" = Microsoft XNA Game Studio Platform Tools
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
    "{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{97F2E8BE-3018-47D2-BC2D-F0B5E92D1BF3}" = Motorola Mobile Drivers Installation 5.5.0
    "{981ED060-4769-42D2-99E9-0AC130A87CCF}" = MAGIX Movie Edit Pro 17 Plus Download Version
    "{991B1E79-12B6-40C3-A081-1FC47C6F2F37}" = Bulk Rename Utility 2, 6, 1, 0
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{9B98010C-A6E2-40D4-A69D-7EA024EAEC79}" = e-Sword
    "{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}" = Windows Phone SDK 7.1 Assemblies
    "{9F85A54D-80D8-5D77-890B-005DF68F0960}" = Poxxle
    "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A240191E-4302-435E-86FC-A5717EF0CF38}" = Microsoft XNA Game Studio 4.0 Refresh (Shared Components)
    "{A28ADD27-FD54-4EB1-ABEB-F41428070DC3}" = Fiabee Sync
    "{A4CC18F6-DB05-4B03-B724-4128322FA85F}" = Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A721BC43-E63E-3531-B1BF-6A405F9530BD}" = Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A876DDA6-52A9-41FB-B915-A36105ADD14F}" = Bubble Ball Lite
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
    "{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine
    "{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
    "{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CC26EB1A-8E6D-4DD5-90B7-316C9E73040C}" = MAGIX Screenshare
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF5D5054-34F7-4A22-3594-29FF1D025029}_is1" = IHF Handball Challenge 12
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
    "{DB953761-E0BF-46C1-A3A3-1584B203C30A}" = DeVeDe
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EDCB60A8-AED5-4AF5-A1C3-57664BDA703A}" = Joukuu Lite
    "{EE3A5B79-C147-4BD9-952A-E894298C2ACA}" = Microsoft XNA Game Studio 4.0 Refresh (ARP entry)
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EF62AEFF-5588-44A0-BC68-5A4D2B4ECE3B}" = MAGIX Speed burnR (MSI)
    "{EFBBD030-48F0-43B3-A8AD-789894DAD0B5}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "{FF7DD5BE-42FF-44B8-AF36-4A46CD2C6D42}" = AUSkey software 1.4.0.6
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
    "AC3Filter_is1" = AC3Filter 1.63b
    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Presenter 7" = Adobe Presenter 7
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Reviewer
    "Akamai" = Akamai NetSession Interface Service
    "Avi2Dvd" = Avi2Dvd 0.6.1
    "AviSynth" = AviSynth 2.5
    "Blend_4.0.30816.0" = Microsoft Expression Blend 4
    "BurnAware Free_is1" = BurnAware Free 4.2
    "Business-in-a-Box" = Business-in-a-Box
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.dmp.contentviewer" = Adobe Content Viewer
    "com.littlebigplay.bubblins2.none" = Bubblins 2
    "com.oceanbreezegames.poxxle.none" = Poxxle
    "com.terrypaton.deathrace.none" = Deathrace
    "CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "doPDF 7 printer_is1" = doPDF 7.2 printer
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab 8 Qt_is1" = DVDFab 8.1.1.2 (08/08/2011) Qt
    "E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "Ekiga" = Ekiga (remove only)
    "Engage.30494F64709E2F035F2CF77E15FD7FCC2DF52FFE.1" = MangoApps Desktop
    "ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
    "FileHippo.com" = FileHippo.com Update Checker
    "Foxit Reader_is1" = Foxit Reader 5.1
    "Free ISO Create Wizard_is1" = Free ISO Create Wizard 4.3.9
    "FreeOnlineRadioPlayerRecorder Toolbar" = FreeOnlineRadioPlayerRecorder Toolbar
    "gobox" = GoBox
    "Google Calendar Sync" = Google Calendar Sync
    "Google Chrome Frame" = Google Chrome Frame
    "Google Updater" = Google Updater
    "Google Video Uploader" = Google Video Uploader
    "GTK2-Runtime" = GTK2-Runtime
    "HaaliMkx" = Haali Media Splitter
    "HotspotShield" = Hotspot Shield 2.06
    "IDriveSync_is1" = IDriveSync version 1.0.1 November 18, 2011
    "ImgBurn" = ImgBurn
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
    "Intel AppUp(SM) center 18988" = Intel AppUp(SM) center
    "Jello.Dashboard" = Jello.Dashboard 5.25 beta (Astral)
    "jZip" = jZip
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "LinkedIn Internet Explorer Toolbar" = LinkedIn Internet Explorer Toolbar
    "MAGIX_MSI_Videodeluxe17_plus" = MAGIX Movie Edit Pro 17 Plus Download Version
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MFG Trader" = MFG Trader
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU" = Windows Phone SDK 7.1 - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
    "MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2
    "Mp3tag" = Mp3tag v2.49
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "Nokia PC Suite" = Nokia PC Suite
    "NoteBurner_is1" = NoteBurner 2.35
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Office14.VISIO" = Microsoft Visio Premium 2010
    "OpenAL" = OpenAL
    "OpenDNS Updater" = OpenDNS Updater 2.2.1
    "Orbit_is1" = Orbit Downloader
    "PFPortChecker" = PFPortChecker 1.0.39
    "Picasa 3" = Picasa 3
    "Portforward Static IP Address" = Portforward Static IP Address 1.0.47
    "Qlock" = Qlock Lite
    "QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Quiz Results Analyzer
    "RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.386
    "RealPlayer 15.0" = RealPlayer
    "RocketDock_is1" = RocketDock 1.3.5
    "shufflr.B44416D205F9BE523726716C5EA9F9A53D22DAAF.1" = Shufflr
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SugarSync" = SugarSync Manager
    "theSkyNet" = theSkyNet
    "TomTom HOME" = TomTom HOME 2.8.3.2499
    "TuneUpMedia" = TuneUp Companion 2.1.1
    "TwInbox" = TwInbox (remove only)
    "Unlocker" = Unlocker 1.9.1
    "webmmf" = WebM Media Foundation Components
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.11 (32-bit)
    "Wuala CBFS" = Wuala CBFS
    "Wuala OverlayIcons" = Wuala OverlayIcons
    "xampp" = XAMPP 1.7.7
    "X-Lite 1.5_is1" = X-Lite 3.0
    "XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0 Refresh
    "Xvid Video Codec 1.3.1" = Xvid Video Codec
    "Zune" = Zune

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "229ac04bff1f5679" = Cool Remote Server
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox
    "Dulux MyColour4" = Dulux MyColour4
    "MegaCloud" = MegaCloud
    "Wuala" = Wuala

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GVCplDrv.dll -- (vsdatant)
      DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ujpmglgd.sys -- (ujpmglgd)
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;127.0.0.1:9421;<local>
      O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [AdobeBridge] File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
     
  12. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

  13. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

  14. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    All processes killed
    ========== OTL ==========
    Service vsdatant stopped successfully!
    Service vsdatant deleted successfully!
    File %systemroot%\system32\GVCplDrv.dll not found.
    Service ujpmglgd stopped successfully!
    Service ujpmglgd deleted successfully!
    File C:\Windows\system32\drivers\ujpmglgd.sys not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Cheung
    ->Temp folder emptied: 24889129 bytes
    ->Temporary Internet Files folder emptied: 210648960 bytes
    ->Java cache emptied: 4172185 bytes
    ->FireFox cache emptied: 3206483 bytes
    ->Google Chrome cache emptied: 819568 bytes
    ->Flash cache emptied: 148045 bytes

    User: cheunnat
    ->Temp folder emptied: 0 bytes

    User: DB
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56478 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Dropbox1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 301747 bytes
    ->Flash cache emptied: 56924 bytes

    User: Dropbox2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 299611 bytes
    ->Flash cache emptied: 56468 bytes

    User: Nathan Cheung
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 5 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 232802 bytes
    RecycleBin emptied: 13724664 bytes

    Total Files Cleaned = 247.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Cheung
    ->Java cache emptied: 0 bytes

    User: cheunnat

    User: DB

    User: Default

    User: Default User

    User: Dropbox1

    User: Dropbox2

    User: Nathan Cheung

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Cheung
    ->Flash cache emptied: 0 bytes

    User: cheunnat

    User: DB

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Dropbox1
    ->Flash cache emptied: 0 bytes

    User: Dropbox2
    ->Flash cache emptied: 0 bytes

    User: Nathan Cheung

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04202012_121055
    Files\Folders moved on Reboot...
    C:\Users\Cheung\AppData\Local\Temp\hsperfdata_Cheung\5060 moved successfully.
    C:\Users\Cheung\AppData\Local\Temp\boost_interprocess\mtx moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YPEFF6BY\dpsync[1].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YPEFF6BY\up[2].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M14V1TEX\dpsync[2].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M14V1TEX\PugTracker[1].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCTIBY1H\dpsync[1].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCTIBY1H\fastbutton[4].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCTIBY1H\page-2[1].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCTIBY1H\tweet_button.1334389481[1].htm moved successfully.
    File\Folder C:\Windows\temp\hsperfdata_CHEUNG-DESKTOP$\3392 not found!
    Registry entries deleted on Reboot...
     
  15. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    TuneUp Companion 2.1.1
    Java(TM) 6 Update 29
    Java(TM) 7 Update 3
    Out of date Java installed!
    Adobe Flash Player 11.3.300.214
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
     
  16. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Farbar Service Scanner Version: 16-04-2012
    Ran by Cheung (administrator) on 20-04-2012 at 12:27:59
    Running from "C:\Users\Cheung\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  17. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    C:\downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
    C:\Program Files\Common Files\Wise Installation Wizard\WIS1EFAF4929A3B48C39349234B146FDA46_5_0_4.MSI probably a variant of Win32/Agent.GELFBUE trojan deleted - quarantined
    C:\TDSSKiller_Quarantine\17.04.2012_11.03.02\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\Users\Cheung\Documents\Downloads\360amigofreesetup.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined
    C:\Users\Cheung\Documents\New Folder\NATHCORSAIR (F)\fsSetup129.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
    C:\Windows\Installer\133c6e3c.msi probably a variant of Win32/Agent.GELFBUE trojan deleted - quarantined
    C:\Windows.old\Documents and Settings\Cheung\AppData\Local\Application Data\Temp\zbGNjNrjvOief6.exe a variant of Win32/Injector.HGV trojan cleaned by deleting - quarantined
    C:\Windows.old\Documents and Settings\Cheung\Downloads\Microsoft Office Professional Plus 2010 Activated Forever\Office_2010_Professional_Plus_Activated_Forever.iso:load.vbs VBS/Kryptik.D trojan cleaned by deleting - quarantined
    D:\Documents and Settings\Nathan Cheung\My Documents\Downloads\360amigofreesetup.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined
    D:\downloads\cnet2_ashampoo_burning_studio_6_free_6_80_4312_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    D:\downloads\jZipV1.exe Win32/Toolbar.SearchSuite application deleted - quarantined
    D:\downloads\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
    D:\downloads\Downloads\Downloads\dupsweep.exe Win32/Adware.ErrorRepairPro application deleted - quarantined
    D:\downloads\Downloads\Downloads\SkipScreen-Setup.exe Win32/Toolbar.Zugo application deleted - quarantined
    D:\downloads\Downloads\Programs\Nero-8.3.6.0_eng_update.exe Win32/Toolbar.AskSBar application deleted - quarantined
    D:\downloads\Downloads\Programs\RegistryGenius.com_Setup.exe Win32/Adware.RegistryGreat application deleted - quarantined
    D:\downloads\Downloads\Programs\Password Programs\ariskkey.exe probably a variant of Win32/Agent.CKOPODK trojan deleted - quarantined
    D:\downloads\MEP17\Install\Content.exe a variant of Win32/Packed.ZipMonster.A application cleaned by deleting - quarantined
    D:\External\Programs\RegistryGenius.com_Setup.exe Win32/Adware.RegistryGreat application deleted - quarantined
    D:\External\Programs\Password Programs\ariskkey.exe probably a variant of Win32/Agent.CKOPODK trojan deleted - quarantined
    D:\External\Yakka Notebook\Portable Apps\Documents\downloads\fsSetup129.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
    D:\Program Files\360Amigo\Uninstall.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined
    D:\Program Files\Nero\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application deleted - quarantined
    D:\Samsung\BackUp\Nathan Cheung@CHEUNG\#DOC\Downloads\360amigofreesetup.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined
    E:\Downloaded Torrents\ACTIVATOR.exe Win32/HackKMS.A application deleted - quarantined
    E:\Software\password-folder-setup-beta.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
    E:\Software\SoftonicDownloader_for_excalibur.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    E:\Software\SoftonicDownloader_for_hdd-health.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    E:\Software\windows.7.codec.pack.v2.8.0.setup.exe multiple threats deleted - quarantined
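
A triage sketch for an ESET Online Scanner export like the one posted above, added here as an example (it is not part of the thread or of any tool used in it): it splits each line into path, detection name, type and action, then separates trojan hits from application hits and marks hits found in another tool's quarantine folder or under Windows.old. The field layout is inferred from the posted lines; the function names, location labels and the list of type keywords are assumptions of this example.

```python
import re
from collections import Counter

# Five lines copied from the ESET log posted above (space-flattened export).
SAMPLE_LOG = r"""
C:\downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Program Files\Common Files\Wise Installation Wizard\WIS1EFAF4929A3B48C39349234B146FDA46_5_0_4.MSI probably a variant of Win32/Agent.GELFBUE trojan deleted - quarantined
C:\TDSSKiller_Quarantine\17.04.2012_11.03.02\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Cheung\AppData\Local\Application Data\Temp\zbGNjNrjvOief6.exe a variant of Win32/Injector.HGV trojan cleaned by deleting - quarantined
E:\Software\windows.7.codec.pack.v2.8.0.setup.exe multiple threats deleted - quarantined
"""

# Paths contain spaces, so the path is matched lazily and the detection name
# (Platform/Family.Variant) plus the type keyword anchor the right-hand side.
# The list of type keywords is an assumption: the post shows only "trojan"
# and "application".
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<qualifier>(?:probably )?(?:a variant of )?)"
    r"(?P<name>\w+/[\w.]+)\s+"
    r"(?P<kind>trojan|application|worm|virus)\s+"
    r"(?P<action>.+)$"
)
MULTIPLE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+multiple threats\s+(?P<action>.+)$"
)


def classify_location(path):
    """Label where a hit was found (the labels are this example's own)."""
    lowered = path.lower()
    if "_quarantine\\" in lowered:      # a cleanup tool's own quarantine folder
        return "tool_quarantine"
    if "\\windows.old\\" in lowered:    # files kept from a previous install
        return "previous_install"
    return "other"


def parse_line(line):
    """Parse one log line into a dict; return None for anything else."""
    line = line.strip()
    match = DETECTION_RE.match(line)
    if match:
        record = match.groupdict()
        record["qualifier"] = record["qualifier"].strip()
    else:
        match = MULTIPLE_RE.match(line)
        if not match:
            return None
        # "multiple threats" lines carry no detection name or type.
        record = dict(match.groupdict(), qualifier="", name=None, kind="multiple")
    record["location"] = classify_location(record["path"])
    return record


def parse_log(text):
    """Parse every detection line in a pasted log, skipping other text."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def summarize(records):
    """Counts per type, plus the trojan hits that were not already contained."""
    trojans = [r for r in records if r["kind"] == "trojan"]
    return {
        "by_kind": dict(Counter(r["kind"] for r in records)),
        "trojan_names": sorted({r["name"] for r in trojans}),
        "trojans_outside_quarantine": [
            r["path"] for r in trojans if r["location"] != "tool_quarantine"
        ],
        "any_trojan_listed": bool(trojans),
        "needs_manual_review": [r["path"] for r in records if r["kind"] == "multiple"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

In this sample the Win32/Sirefef.DA hit sits inside C:\TDSSKiller_Quarantine, so it is reported separately from the trojan hits found elsewhere on disk.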
     
  18. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Over 10 hours for that scan!!!!

    ;-)
     
  19. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  20. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Cheung
    ->Temp folder emptied: 129802162 bytes
    ->Temporary Internet Files folder emptied: 193543056 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 64021 bytes

    User: cheunnat
    ->Temp folder emptied: 0 bytes

    User: DB
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56478 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Dropbox1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Dropbox2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Nathan Cheung
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 87822 bytes
    RecycleBin emptied: 33059380 bytes

    Total Files Cleaned = 340.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Cheung
    ->Flash cache emptied: 0 bytes

    User: cheunnat

    User: DB

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Dropbox1
    ->Flash cache emptied: 0 bytes

    User: Dropbox2
    ->Flash cache emptied: 0 bytes

    User: Nathan Cheung

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Cheung
    ->Java cache emptied: 0 bytes

    User: cheunnat

    User: DB

    User: Default

    User: Default User

    User: Dropbox1

    User: Dropbox2

    User: Nathan Cheung

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04232012_141832
    Files\Folders moved on Reboot...
    C:\Users\Cheung\AppData\Local\Temp\boost_interprocess\mtx moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4BRNYX3\fastbutton[1].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4BRNYX3\like[7].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4BRNYX3\tweet_button.1334389481[1].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4BRNYX3\xd_arbiter[2].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBR70FWQ\PugTracker[2].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0UW2QID\dpsync[1].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0UW2QID\dpsync[2].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0UW2QID\page-3[1].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0UW2QID\up[1].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFTU52ON\dpsync[1].htm moved successfully.
    C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFTU52ON\xd_arbiter[2].htm moved successfully.
    File\Folder C:\Windows\temp\hsperfdata_CHEUNG-DESKTOP$\2568 not found!
    Registry entries deleted on Reboot...
     
  21. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    After deleting the old version of Java I get an error on startup saying Java VM wouldn't start
     
  22. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Actual Message is "Could not find Java VM"
     
  23. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go File>Save, and save it as AutoRuns.txt file to a known location.
    You must select Text from the drop-down menu as a file type.

    Attach the file to your next reply.
     
  24. NathanC

    NathanC TS Rookie Topic Starter Posts: 38

    Autoruns Attached
     


  25. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    It must be coming from one of your startups.
    I can't see right away which one it could be.

    See if you have same error in Safe Mode.
     

