Solved Win64/Agent.BA trojan Win64/Conedex.B trojan found

Broni · Oct 20, 2012

Go on...

aywen89 · Oct 22, 2012

OTL logfile created on: 10/22/2012 8:40:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\TDDOWNLOAD
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 47.48% Memory free
8.00 Gb Paging File | 5.67 Gb Available in Paging File | 70.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.83 Gb Total Space | 8.79 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 16.55 Gb Free Space | 14.12% Space Free | Partition Type: NTFS
Drive E: | 277.74 Gb Total Space | 34.68 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 931.48 Gb Total Space | 108.64 Gb Free Space | 11.66% Space Free | Partition Type: NTFS
Drive J: | 931.29 Gb Total Space | 64.05 Gb Free Space | 6.88% Space Free | Partition Type: FAT32

Computer Name: AYWEN-PC | User Name: Ay Wen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/22 20:38:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\TDDOWNLOAD\OTL.exe
PRC - [2012/10/13 15:49:27 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 03:44:49 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/18 15:00:12 | 001,245,712 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/28 21:52:56 | 003,671,904 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012/07/19 09:45:08 | 000,174,096 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.130_1111\ThunderPlatform.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/12/07 05:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/07 05:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/06/29 10:52:34 | 001,074,496 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2011/05/22 18:14:32 | 000,048,648 | ---- | M] (Mobile Stream) -- C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
PRC - [2010/11/20 20:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/10/08 11:35:32 | 001,269,760 | ---- | M] (iAnywhere Solutions) -- C:\Program Files (x86)\Blue Manager Suite\BMExplorer.exe
PRC - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
PRC - [2010/03/20 15:03:09 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/12/14 07:03:48 | 004,972,544 | ---- | M] (Noozxoide Laboratories) -- C:\Program Files (x86)\Noozxoide Laboratories\EIZO-recycle Series\EIZO-recycle.exe
PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/13 15:49:27 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/11 14:24:00 | 001,124,368 | ---- | M] () -- C:\ProgramData\Thunder Network\Thunder\addins\XLSoftwarePopularizeAddin\XLSoftwarePopularize.dll
MOD - [2012/10/11 14:24:00 | 000,145,424 | ---- | M] () -- C:\ProgramData\Thunder Network\Thunder\addins\XLSoftwarePopularizeAddin\SwProtocol.dll
MOD - [2012/10/09 03:44:48 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/09/18 15:00:12 | 001,245,712 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
MOD - [2012/07/09 16:30:40 | 000,143,360 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.130_1111\libexpat.dll
MOD - [2012/07/09 16:30:38 | 000,077,824 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.130_1111\zlib1.dll
MOD - [2012/07/09 16:30:38 | 000,063,504 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.130_1111\XLBugHandler.dll
MOD - [2012/07/09 16:30:38 | 000,052,752 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.130_1111\XLCrypto.dll
MOD - [2012/07/09 16:30:38 | 000,019,968 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.130_1111\minizip.dll
MOD - [2012/07/09 16:30:38 | 000,017,936 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.130_1111\dl_uac_tool.dll
MOD - [2012/07/09 16:30:38 | 000,012,288 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.130_1111\mini_unzip_dll.dll
MOD - [2012/06/12 15:43:58 | 000,033,296 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\Win7Trait.dll
MOD - [2012/06/12 15:43:48 | 000,030,224 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\XLIPC.dll
MOD - [2012/06/12 15:43:22 | 000,017,936 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\dl_uac_tool.dll
MOD - [2012/06/12 15:42:30 | 000,063,504 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\XLBugHandler.dll
MOD - [2012/06/12 15:40:46 | 000,319,488 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\sqlite3.dll
MOD - [2012/06/12 15:40:46 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\zlib1.dll
MOD - [2012/06/12 15:40:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\libpng13.dll
MOD - [2012/06/12 15:40:44 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\libexpat.dll
MOD - [2012/06/12 15:40:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\minizip.dll
MOD - [2012/03/27 21:23:41 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANPDApi.dll
MOD - [2011/12/07 05:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/05/30 16:19:06 | 000,079,536 | ---- | M] () -- C:\Users\Public\Documents\Thunder Network\Thunder\Profiles\xldt_data\Rule\XLUpLoadURL.dll
MOD - [2010/05/13 10:58:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\wlanapp.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/28 10:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/13 15:49:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 03:44:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/12 15:43:42 | 000,088,080 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/12/07 21:33:01 | 000,149,904 | ---- | M] (Microsoft Â® Corporation) [Auto | Stopped] -- C:\Users\Ay Wen\Forefront UAG Remote Access Agent\uagwesterndigital-asianet\https1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2011/12/07 05:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/10/20 15:05:04 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe -- (D_Link_DWA-140_WPS)
SRV - [2010/04/11 14:40:30 | 002,326,920 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/20 15:03:09 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/13 16:01:48 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/13 15:57:18 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/31 18:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/07/31 18:42:48 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/07/28 12:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/28 12:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/28 09:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/05 20:40:47 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/07/05 20:40:47 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/05/14 14:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/16 01:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/05/25 07:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/22 15:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/28 14:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/12/20 14:44:42 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/12/20 14:42:04 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/11/20 21:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 21:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 19:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/04/11 14:40:32 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/04/11 14:40:27 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251)
DRV:64bit: - [2010/04/11 14:40:24 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/04/11 14:40:06 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/02/24 07:06:20 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/09/30 22:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/24 13:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009/09/24 05:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009/08/26 11:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009/07/24 08:55:10 | 000,011,264 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NMgamingms.sys -- (NMgamingmsFltr)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 13:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/11 04:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 17:49:06 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029unic.sys -- (s1029unic)
DRV:64bit: - [2009/05/25 17:49:06 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009/05/25 17:49:06 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029nd5.sys -- (s1029nd5)
DRV:64bit: - [2009/05/25 17:49:04 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009/05/25 17:49:04 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mgmt.sys -- (s1029mgmt)
DRV:64bit: - [2009/05/25 17:49:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009/05/25 17:49:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029bus.sys -- (s1029bus)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 11:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/04/20 09:38:18 | 000,342,952 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DSAPGX114_64pmo.sys -- (SRS_PremiumSound_Service)
DRV:64bit: - [2008/11/14 14:18:48 | 000,517,632 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btprot.sys -- (BTPROT)
DRV:64bit: - [2008/11/14 14:18:48 | 000,031,744 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btiausb.sys -- (BTIAUSB)
DRV:64bit: - [2008/09/16 11:21:06 | 000,092,160 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btiaspp.sys -- (btiaspp)
DRV:64bit: - [2008/09/16 11:21:06 | 000,082,944 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btiaa2dp.sys -- (btiaa2dp)
DRV:64bit: - [2008/09/16 11:21:06 | 000,037,888 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btiapan.sys -- (BTiAPan)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/30 16:04:24 | 000,025,088 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btiasco.sys -- (iAnywhere_btAudio)
DRV:64bit: - [2008/07/30 16:04:24 | 000,010,880 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btiarcp.sys -- (btiarcp)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/10/20 11:48:16 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/12/20 14:42:04 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001/03/06 10:42:00 | 000,006,645 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SLP1KDR.SYS -- (Slp1kdr)
DRV - [1998/03/24 14:34:24 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SLLPSVDR.SYS -- (Sllpsvdr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=57

aywen89 · Oct 22, 2012

IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?so...retb&v=2_2&u=57C7248E857BEF2D6846345066E218E7
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 A1 EC 5A 68 5B CA 01 [binary data]
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..\URLSearchHook: {CE9CB67A-D729-4fed-A44F-B901A514C291} - C:\Windows\SysWOW64\cssrhplus.dll (ChinaStar Studio)
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?so...7248E857BEF2D6846345066E218E7&q={searchTerms}
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7PPSU_en
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=baidudg
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: SQLiteManager@mrinalkant.blogspot.com:0.7.7
FF - prefs.js..extensions.enabledAddons: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:4.2
FF - prefs.js..extensions.enabledItems: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files (x86)\Baidu\BaiduPlayer\1.16.0.57\npxbdyy.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files (x86)\Ringz Studio\Storm Codec\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files (x86)\Ringz Studio\Storm Codec\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.4.(212).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(779).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.1: C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.1.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Ay Wen\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ay Wen\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ay Wen\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.1: C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.1.dll ( )

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/10/02 16:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 15:49:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 23:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/10/02 16:09:09 | 000,000,000 | ---D | M]

[2009/10/25 09:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ay Wen\AppData\Roaming\Mozilla\Extensions
[2012/09/30 18:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ay Wen\AppData\Roaming\Mozilla\Firefox\Profiles\fx454o99.default\extensions
[2012/06/26 06:38:01 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\Ay Wen\AppData\Roaming\Mozilla\Firefox\Profiles\fx454o99.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2012/09/29 19:47:15 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Ay Wen\AppData\Roaming\Mozilla\Firefox\Profiles\fx454o99.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011/11/28 22:31:23 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\Ay Wen\AppData\Roaming\Mozilla\Firefox\Profiles\fx454o99.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2012/09/07 23:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/13 15:49:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/16 02:13:46 | 000,079,664 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- C:\Program Files (x86)\mozilla firefox\components\ThunderComponent.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/09/29 19:47:09 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/09/02 02:07:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 15:49:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://safesearchr.lavasoft.com/?so...retb&v=2_2&u=57C7248E857BEF2D6846345066E218E7
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\12.0.742.91\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\12.0.742.91\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\12.0.742.91\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Windows Media Player\np-mswmp.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Ay Wen\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Thunder DapCtrl Plugin (Enabled) = C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(779).dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Ringz Studio\Storm Codec\Plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Ringz Studio\Storm Codec\Plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ay Wen\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Ay Wen\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: \u8FC5\u96F7\u4E0B\u8F7D\u652F\u6301\u6D4B\u8BD5\u7248 = C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.3_0\
CHR - Extension: Poppit = C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found
O2:64bit: - BHO: (迅雷下载支持) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.8.3574.dll (深圳市迅雷网络技术有限公司)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (VideoUrlSniffer Class) - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\VideoUrlSniffer.2.0.1.99.(840).dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Ñ¸À×FLVÊÓÆµÐáÌ½¼°ÏÂÔØÖ§³Ö) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.7.70.dll (ShenZhen Xunlei Networking Technologies,LTD)
O2 - BHO: (Ñ¸À×ÏÂÔØÖ§³Ö) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.8.3574.dll (深圳市迅雷网络技术有限公司)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [D-Link D-Link DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000..\Run: [EasyTether] C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000..\Run: [Noozxoide Labs, EIZO-Recycle Processing Audio Series] C:\Program Files (x86)\Noozxoide Laboratories\EIZO-recycle Series\EIZO-recycle.exe (Noozxoide Laboratories)
O4 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: OldEnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxConnectionPer1_0Server = 16
O7 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxConnectionPerServer = 16
O8:64bit: - Extra context menu item: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8:64bit: - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: 使用迅雷查看图片 - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O8:64bit: - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\program\XmpIEMenu.htm ()
O8 - Extra context menu item: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: 使用迅雷查看图片 - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\program\XmpIEMenu.htm ()
O9 - Extra 'Tools' menuitem : 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\program\XmpIEToolMenu.htm ()
O9 - Extra Button: 启动迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\program\XmpIEToolBar.htm ()
O9 - Extra Button: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra 'Tools' menuitem : 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

aywen89 · Oct 22, 2012

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: 111222.cn ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: pps.tv ([kan] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: pps.tv ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: pps.tv ([tvguide] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: pps.tv ([vodguide] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.com ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.com ([notice] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.com ([xml1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.com ([xml2] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.com ([xml3] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.net ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstv.com ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstv.net ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{176A144B-7DA3-4AB4-9CCE-A12E453016C3}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C2976DE-B4C4-4D49-A3B1-21FA98DFDB98}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/02 21:22:42 | 000,000,000 | ---D | M] - C:\AutoCount Data -- [ NTFS ]
O32 - AutoRun File - [2008/12/19 20:59:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 17:29:38 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/18 21:29:47 | 000,919,968 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ay Wen\Desktop\rkill64.exe
[2012/10/18 21:28:37 | 004,984,103 | ---- | C] (Swearware) -- C:\Users\Ay Wen\Desktop\wen.exe
[2012/10/18 21:27:27 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ay Wen\Desktop\rkill.exe
[2012/10/18 06:47:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/17 22:54:22 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/17 22:33:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/17 22:33:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/17 22:33:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/17 22:32:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/17 22:32:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/15 22:59:20 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/15 22:01:05 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ay Wen\Desktop\TDSSKiller.exe
[2012/10/15 21:59:08 | 000,000,000 | ---D | C] -- C:\Users\Ay Wen\AppData\Local\thumbs
[2012/10/15 06:45:21 | 001,456,929 | ---- | C] (Farbar) -- C:\Users\Ay Wen\Desktop\FRST64.exe
[2012/10/14 16:18:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ay Wen\Desktop\aswMBR.exe
[2012/10/14 16:14:03 | 000,000,000 | ---D | C] -- C:\Users\Ay Wen\Desktop\RK_Quarantine
[2012/10/14 12:50:23 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\Ay Wen\Desktop\dds.com
[2012/10/14 11:18:14 | 000,000,000 | ---D | C] -- C:\Windows\Installer2
[2012/10/13 18:08:48 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/10/13 16:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/10/13 16:01:47 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/13 15:57:18 | 000,560,184 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012/10/13 15:50:53 | 014,294,360 | ---- | C] (DT Soft Ltd) -- C:\Users\Ay Wen\Desktop\DTLite4454-0316.exe
[2012/10/06 22:43:21 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012/10/05 22:29:44 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/05 22:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/05 22:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/05 22:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/10/05 22:02:14 | 000,370,048 | ---- | C] (Neuber Software) -- C:\Users\Ay Wen\Desktop\SvchostAnalyzer.exe
[2012/10/02 16:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/10/02 16:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/10/02 16:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/02 15:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/30 15:06:24 | 000,000,000 | ---D | C] -- C:\Users\Ay Wen\AppData\Roaming\Malwarebytes
[2012/09/30 12:59:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/30 12:51:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/30 12:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/30 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/30 12:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/29 19:50:11 | 000,000,000 | ---D | C] -- C:\Users\Ay Wen\AppData\Roaming\LavasoftStatistics
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ay Wen\Desktop\*.tmp files -> C:\Users\Ay Wen\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/22 20:44:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/22 20:36:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286712610-3324488593-3930158484-1000UA.job
[2012/10/22 17:37:38 | 000,002,034 | -H-- | M] () -- C:\Users\Ay Wen\Documents\Default.rdp
[2012/10/22 15:36:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286712610-3324488593-3930158484-1000Core.job
[2012/10/18 21:40:19 | 000,013,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 21:40:19 | 000,013,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 21:37:26 | 000,792,886 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/18 21:37:26 | 000,673,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/18 21:37:26 | 000,124,450 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/18 21:32:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/18 21:32:32 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/18 21:29:47 | 000,919,968 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ay Wen\Desktop\rkill64.exe
[2012/10/18 21:29:27 | 004,984,103 | ---- | M] (Swearware) -- C:\Users\Ay Wen\Desktop\wen.exe
[2012/10/18 21:27:44 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ay Wen\Desktop\rkill.exe
[2012/10/15 23:13:22 | 000,000,512 | ---- | M] () -- C:\Users\Ay Wen\Desktop\MBR.dat
[2012/10/15 22:00:49 | 002,194,704 | ---- | M] () -- C:\Users\Ay Wen\Desktop\tdsskiller.zip
[2012/10/15 21:46:49 | 000,000,954 | ---- | M] () -- C:\Users\Ay Wen\AppData\Local\bmarchive.bms
[2012/10/15 06:45:32 | 001,456,929 | ---- | M] (Farbar) -- C:\Users\Ay Wen\Desktop\FRST64.exe
[2012/10/14 16:19:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ay Wen\Desktop\aswMBR.exe
[2012/10/14 16:13:02 | 001,422,336 | ---- | M] () -- C:\Users\Ay Wen\Desktop\RogueKiller.exe
[2012/10/14 12:50:18 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\Ay Wen\Desktop\dds.com
[2012/10/14 12:06:46 | 000,302,592 | ---- | M] () -- C:\Users\Ay Wen\Desktop\pnsjz600.exe
[2012/10/13 16:20:11 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\R.A.W Realms of Ancient War.lnk
[2012/10/13 16:04:41 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/10/13 16:01:48 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/13 15:57:35 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/10/13 15:57:18 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012/10/13 15:53:37 | 014,294,360 | ---- | M] (DT Soft Ltd) -- C:\Users\Ay Wen\Desktop\DTLite4454-0316.exe
[2012/10/13 15:49:28 | 000,002,048 | ---- | M] () -- C:\Users\Ay Wen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/12 23:58:32 | 000,000,025 | ---- | M] () -- C:\Users\Ay Wen\AppData\Roaming\CoreAVC.ini
[2012/10/12 17:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ay Wen\Desktop\TDSSKiller.exe
[2012/10/07 10:08:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/06 17:31:48 | 000,985,600 | ---- | M] () -- C:\Users\Ay Wen\Desktop\MicrosoftFixit50123.msi
[2012/10/05 22:05:15 | 002,095,024 | ---- | M] () -- C:\Users\Ay Wen\Desktop\SecurityTaskManager_Setup.exe
[2012/10/05 22:02:22 | 000,370,048 | ---- | M] (Neuber Software) -- C:\Users\Ay Wen\Desktop\SvchostAnalyzer.exe
[2012/10/05 21:31:42 | 000,844,954 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/02 15:31:52 | 062,664,192 | ---- | M] () -- C:\Users\Ay Wen\Desktop\ess_nt64_enu.msi
[2012/10/01 00:03:42 | 000,417,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/30 12:51:20 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ay Wen\Desktop\*.tmp files -> C:\Users\Ay Wen\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/17 22:33:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/17 22:33:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/17 22:33:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/17 22:33:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/17 22:33:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/15 22:00:47 | 002,194,704 | ---- | C] () -- C:\Users\Ay Wen\Desktop\tdsskiller.zip
[2012/10/14 18:34:18 | 000,000,512 | ---- | C] () -- C:\Users\Ay Wen\Desktop\MBR.dat
[2012/10/14 16:13:02 | 001,422,336 | ---- | C] () -- C:\Users\Ay Wen\Desktop\RogueKiller.exe
[2012/10/14 12:06:46 | 000,302,592 | ---- | C] () -- C:\Users\Ay Wen\Desktop\pnsjz600.exe
[2012/10/13 16:20:11 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\R.A.W Realms of Ancient War.lnk
[2012/10/13 16:20:11 | 000,000,667 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.A.W Realms of Ancient War.lnk
[2012/10/13 15:57:35 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/10/06 17:31:45 | 000,985,600 | ---- | C] () -- C:\Users\Ay Wen\Desktop\MicrosoftFixit50123.msi
[2012/10/05 22:29:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/10/05 22:04:56 | 002,095,024 | ---- | C] () -- C:\Users\Ay Wen\Desktop\SecurityTaskManager_Setup.exe
[2012/10/02 15:28:50 | 062,664,192 | ---- | C] () -- C:\Users\Ay Wen\Desktop\ess_nt64_enu.msi
[2012/09/30 12:51:20 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/07/26 23:56:15 | 000,000,138 | ---- | C] () -- C:\Windows\vsfilter.INI
[2012/04/06 14:50:25 | 000,000,164 | ---- | C] () -- C:\Windows\SysWow64\applet.ini
[2012/04/06 09:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/06 09:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/27 21:25:59 | 000,000,253 | ---- | C] () -- C:\Users\Ay Wen\AppData\Roaming\ANICONFIG_{2C2976DE-B4C4-4D49-A3B1-21FA98DFDB98}.ini
[2012/03/27 21:23:10 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/01 20:42:33 | 000,000,025 | ---- | C] () -- C:\Users\Ay Wen\AppData\Roaming\CoreAVC.ini
[2011/12/10 17:07:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/09/13 06:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/07 15:17:17 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/05/27 02:05:28 | 000,045,286 | ---- | C] () -- C:\Users\Ay Wen\AppData\Roaming\room_v3.dat
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/04/13 22:30:42 | 000,046,742 | ---- | C] () -- C:\Users\Ay Wen\AppData\Roaming\room.dat
[2011/04/10 23:36:12 | 000,011,180 | ---- | C] () -- C:\Users\Ay Wen\gsview64.ini
[2010/11/02 21:44:58 | 000,390,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\snpstd.sys
[2010/11/02 21:44:58 | 000,098,304 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd.dll
[2010/11/02 21:44:58 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\csnpstd.dll
[2010/11/02 21:44:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dsnpstd.dll
[2010/11/02 21:44:58 | 000,036,864 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd.dll
[2010/11/02 21:44:58 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2010/11/02 21:44:57 | 000,286,720 | ---- | C] () -- C:\Windows\vsnpstd.exe
[2010/05/12 09:04:29 | 000,000,159 | ---- | C] () -- C:\Users\Ay Wen\AppData\Roaming\default.rss
[2010/02/02 23:19:53 | 000,000,600 | ---- | C] () -- C:\Users\Ay Wen\AppData\Roaming\winscp.rnd
[2010/01/04 11:35:06 | 000,003,584 | ---- | C] () -- C:\Users\Ay Wen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/08 00:51:23 | 000,000,017 | ---- | C] () -- C:\Users\Ay Wen\AppData\Local\resmon.resmoncfg
[2008/05/09 16:08:32 | 000,000,954 | ---- | C] () -- C:\Users\Ay Wen\AppData\Local\bmarchive.bms

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/05/15 20:50:40 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Acronis
[2011/12/11 00:26:34 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Alawar Entertainment
[2010/11/02 20:55:33 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\AutoCount
[2012/07/26 23:46:49 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Baidu
[2010/04/29 09:45:10 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Bump Technologies, Inc
[2010/11/25 14:59:17 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\CadSoft
[2012/10/13 16:08:26 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\DAEMON Tools Lite
[2011/06/07 15:18:24 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\DassaultSystemes
[2010/07/03 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\DragonicaSCB
[2011/06/07 15:18:25 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\EDrawings
[2010/08/17 20:44:55 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\ESET
[2012/03/31 21:59:44 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\GarenaPlus
[2010/10/31 18:35:45 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Gmote
[2010/04/09 23:16:50 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\GrabPro
[2011/07/07 15:26:23 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\ICAClient
[2011/03/16 00:26:06 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\ImgBurn
[2010/09/22 22:46:58 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\ImTOO
[2012/02/02 06:50:21 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\IObit
[2011/02/10 14:50:55 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\LolClient
[2011/02/01 00:06:56 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Modiac
[2012/05/05 21:14:02 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\MotioninJoy
[2012/01/20 22:06:47 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Motorola
[2010/08/27 08:54:52 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Octoshape
[2012/10/13 15:57:13 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\OpenCandy
[2012/10/15 06:44:30 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Orbit
[2010/10/21 01:32:02 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Outlook
[2011/05/10 22:42:19 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\PC Suite
[2010/09/20 09:02:34 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\PPStream
[2010/08/19 23:28:51 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\ProgSense
[2011/02/24 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\runic games
[2012/09/06 08:48:21 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Samsung
[2010/04/12 01:05:02 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\SystemRequirementsLab
[2012/05/11 22:58:24 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Temp
[2009/10/28 22:44:10 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Thinstall
[2012/05/26 13:28:27 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\TuneUp Software
[2012/03/22 21:12:02 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Western Digital
[2010/10/07 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\Ay Wen\AppData\Roaming\Xunlei
[2012/09/30 11:28:57 | 000,000,000 | ---D | M] -- C:\Users\sai.AyWen-PC\AppData\Roaming\Ad-Aware Antivirus
[2012/09/30 11:33:27 | 000,000,000 | ---D | M] -- C:\Users\sai.AyWen-PC\AppData\Roaming\ESET
[2012/09/30 11:53:54 | 000,000,000 | ---D | M] -- C:\Users\sai.AyWen-PC\AppData\Roaming\GrabPro
[2012/09/30 11:31:07 | 000,000,000 | ---D | M] -- C:\Users\sai.AyWen-PC\AppData\Roaming\Motorola
[2012/09/30 05:56:58 | 000,000,000 | ---D | M] -- C:\Users\sai.AyWen-PC\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012/10/22 20:44:04 | 000,002,251 | ---- | M] ()(C:\Users\Ay Wen\Application Data\Microsoft\Internet Explorer\Quick Launch\??7.lnk) -- C:\Users\Ay Wen\Application Data\Microsoft\Internet Explorer\Quick Launch\迅雷7.lnk
[2012/10/22 20:44:04 | 000,002,227 | ---- | M] ()(C:\Users\Ay Wen\Desktop\??7.lnk) -- C:\Users\Ay Wen\Desktop\迅雷7.lnk
[2012/04/21 12:22:12 | 000,002,253 | ---- | C] ()(C:\Users\Ay Wen\Application Data\Microsoft\Internet Explorer\Quick Launch\??7.lnk) -- C:\Users\Ay Wen\Application Data\Microsoft\Internet Explorer\Quick Launch\迅雷7.lnk
[2012/03/25 00:37:11 | 000,387,829 | ---- | C] ()(C:\Users\Ay Wen\Documents\?????????.torrent) -- C:\Users\Ay Wen\Documents\吉沢明步超级大合集.torrent
[2012/02/12 11:09:32 | 000,387,829 | ---- | M] ()(C:\Users\Ay Wen\Documents\?????????.torrent) -- C:\Users\Ay Wen\Documents\吉沢明步超级大合集.torrent
[2011/10/24 22:34:06 | 000,002,229 | ---- | C] ()(C:\Users\Ay Wen\Desktop\??7.lnk) -- C:\Users\Ay Wen\Desktop\迅雷7.lnk
[2011/03/04 14:42:23 | 000,000,706 | ---- | M] ()(C:\Users\Ay Wen\Application Data\Microsoft\Internet Explorer\Quick Launch\????? 2010.lnk) -- C:\Users\Ay Wen\Application Data\Microsoft\Internet Explorer\Quick Launch\酷我音乐盒 2010.lnk
[2010/01/18 21:42:25 | 000,000,706 | ---- | C] ()(C:\Users\Ay Wen\Application Data\Microsoft\Internet Explorer\Quick Launch\????? 2010.lnk) -- C:\Users\Ay Wen\Application Data\Microsoft\Internet Explorer\Quick Launch\酷我音乐盒 2010.lnk
(C:\Users\Ay Wen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????? 2010) -- C:\Users\Ay Wen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\酷我音乐盒 2010
(C:\Users\Ay Wen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Ay Wen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\防御能力
(C:\Users\Ay Wen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Ay Wen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\迅雷软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????1.0) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度地址栏1.0
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\僼儔儞僗僷儞
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????? 2011) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\蹄扂秞氈碟 2011
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????? 2010) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\酷我音乐盒 2010
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度工具栏
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\防御能力
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

< End of report >

aywen89 · Oct 22, 2012

OTL Extras logfile created on: 10/22/2012 8:40:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\TDDOWNLOAD
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 47.48% Memory free
8.00 Gb Paging File | 5.67 Gb Available in Paging File | 70.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.83 Gb Total Space | 8.79 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 16.55 Gb Free Space | 14.12% Space Free | Partition Type: NTFS
Drive E: | 277.74 Gb Total Space | 34.68 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 931.48 Gb Total Space | 108.64 Gb Free Space | 11.66% Space Free | Partition Type: NTFS
Drive J: | 931.29 Gb Total Space | 64.05 Gb Free Space | 6.88% Space Free | Partition Type: FAT32

Computer Name: AYWEN-PC | User Name: Ay Wen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [kwopen] -- "d:\Program Files (x86)\KWMUSIC\KwMusic.exe" \dir "%1" (酷我科技)
Directory [kwplaylist] -- "d:\Program Files (x86)\KWMUSIC\KwMusic.exe" \dirlist "%1" (酷我科技)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [kwopen] -- "d:\Program Files (x86)\KWMUSIC\KwMusic.exe" \dir "%1" (酷我科技)
Directory [kwplaylist] -- "d:\Program Files (x86)\KWMUSIC\KwMusic.exe" \dirlist "%1" (酷我科技)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{089E65D5-D06A-FE49-8D9C-9CABDF8858F5}" = ccc-utility64
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416032FF}" = Java(TM) 6 Update 32 (64-bit)
"{28B0F39B-C0C6-4CC5-902B-9BF20111804C}" = Blue Manager Suite
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{42822DCA-21E7-49C6-20DE-9FAC7A4980C2}" = ATI Problem Report Wizard
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DB97EF8-603B-FB96-9B56-6F0D23E14263}" = AMD Media Foundation Decoders
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed SHIFT
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F2DEDF1D-AFB2-CCFD-54C4-05BED30C75ED}" = ATI AVIVO64 Codecs
"{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7274D82-C857-4C20-AB1A-D701D64BFD90}" = ESET Smart Security
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"MatlabR2010b" = MATLAB R2010b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.79.0
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{23D6C05C-E8BB-0812-7C96-33F0E25A6388}" = HydraVision
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (A2006)
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2DAFF979-5A46-44FA-B431-DAB8F0580683}" = RSDLite
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BCD05CE-8CDE-9503-8794-D8CDB9FA8562}" = Catalyst Control Center InstallProxy
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{499DB235-2EAB-48EF-BE29-1C78C99E84B7}_is1" = AudioServer 1.0.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{5186EEFA-2A4A-4048-B2CA-4FDE711762F1}" = ExoCore
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5E92919F-BE1E-4A65-A951-24EFFADC3101}" = AutoCount Accounting
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81E76DE9-BBCB-449C-91BB-6E4E5436D496}" = Adobe Audition 1.0
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B08C6A5-2B90-4E93-980D-7EEB39099D4D}" = VideoCAM Eye
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = Catalyst Control Center
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed SHIFT
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link DWA-140
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"AutoCount Help 1.0" = AutoCount Help 1.0
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"DAEMON Tools Lite" = DAEMON Tools Lite
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DivX Setup.divx.com" = DivX Setup
"EasyBCD" = EasyBCD 1.7.2
"ESET Online Scanner" = ESET Online Scanner v3
"ExoCore" = ExoCore v1.4.200 (remove only)
"Flashtool" = Flashtool
"GameHandleServer 1.00" = GameHandleServer 1.00
"Garena" = Garena 2010
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HoN" = Garena - Heroes of Newerth
"im" = Garena Messenger
"ImgBurn" = ImgBurn
"ImTOO Ringtone Maker" = ImTOO Ringtone Maker
"InstallShield_{28B0F39B-C0C6-4CC5-902B-9BF20111804C}" = Blue Manager Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KwMusic" = 蹄扂秞氈碟 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Modiac Video Converter" = Modiac Video Converter
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PakkISO_is1" = PakkISO 0.4
"PROPLUS" = Microsoft Office Professional Plus 2007
"R.A.W Realms of Ancient War (c) Focus Home Interactive_is1" = R.A.W Realms of Ancient War (c) Focus Home Interactive version 1
"Storm Codec 5" = Storm Codec
"thunder_is1" = 迅雷7
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.2
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"winscp3_is1" = WinSCP 4.2.5
"XXClone" = XXClone ver 0.58.0
"迅雷游戏大厅" = 迅雷游戏大厅
"迅雷看看播放器" = 迅雷看看播放器
"迅雷看看高清播放组件" = 迅雷看看高清播放组件

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2011 3:53:14 PM | Computer Name = AyWen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/11/2011 4:15:22 PM | Computer Name = AyWen-PC | Source = System Restore | ID = 8193
Description =

Error - 8/14/2011 7:52:40 AM | Computer Name = AyWen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/14/2011 8:25:58 AM | Computer Name = AyWen-PC | Source = System Restore | ID = 8193
Description =

Error - 8/14/2011 3:21:18 PM | Computer Name = AyWen-PC | Source = System Restore | ID = 8193
Description =

Error - 8/14/2011 3:26:04 PM | Computer Name = AyWen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2011 3:14:35 AM | Computer Name = AyWen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2011 1:27:24 PM | Computer Name = AyWen-PC | Source = System Restore | ID = 8193
Description =

Error - 8/15/2011 3:10:32 PM | Computer Name = AyWen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/16/2011 3:59:54 AM | Computer Name = AyWen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/16/2011 3:49:35 PM | Computer Name = AyWen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 11/21/2009 10:56:39 PM | Computer Name = AyWen-PC | Source = MCUpdate | ID = 0
Description = 10:56:22 AM - Failed to retrieve Broadband (Error: The underlying
connection was closed: The connection was closed unexpectedly.)

Error - 12/5/2009 12:58:43 AM | Computer Name = AyWen-PC | Source = MCUpdate | ID = 0
Description = 12:58:38 PM - Failed to retrieve SportsSchedule (Error: Invalid security
token.)

Error - 12/22/2009 6:59:24 AM | Computer Name = AyWen-PC | Source = MCUpdate | ID = 0
Description = 6:59:24 PM - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 12/22/2009 7:00:57 AM | Computer Name = AyWen-PC | Source = MCUpdate | ID = 0
Description = 7:00:57 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: The connection was closed unexpectedly.)

Error - 12/22/2009 7:01:38 AM | Computer Name = AyWen-PC | Source = MCUpdate | ID = 0
Description = 7:01:38 PM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: The connection was closed unexpectedly.)

Error - 12/22/2009 7:02:07 AM | Computer Name = AyWen-PC | Source = MCUpdate | ID = 0
Description = 7:02:07 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: The connection was closed unexpectedly.)

[ OSession Events ]
Error - 1/18/2010 10:41:46 AM | Computer Name = AyWen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1896
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/21/2012 9:33:05 AM | Computer Name = AyWen-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/21/2012 11:58:56 AM | Computer Name = AyWen-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 48.

Error - 10/21/2012 11:58:57 AM | Computer Name = AyWen-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 48.

Error - 10/21/2012 4:21:17 PM | Computer Name = AyWen-PC | Source = sbp2port | ID = 262164
Description = A transport driver received a frame which violated the protocol.

Error - 10/21/2012 9:33:09 PM | Computer Name = AyWen-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/22/2012 1:26:02 AM | Computer Name = AyWen-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/22/2012 1:26:04 AM | Computer Name = AyWen-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/22/2012 1:26:08 AM | Computer Name = AyWen-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/22/2012 4:21:41 AM | Computer Name = AyWen-PC | Source = sbp2port | ID = 262164
Description = A transport driver received a frame which violated the protocol.

Error - 10/22/2012 7:22:10 AM | Computer Name = AyWen-PC | Source = sbp2port | ID = 262164
Description = A transport driver received a frame which violated the protocol.

< End of report >

Broni · Oct 22, 2012

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
IE - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: 111222.cn ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: pps.tv ([kan] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: pps.tv ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: pps.tv ([tvguide] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: pps.tv ([vodguide] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.com ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.com (http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.com ([xml1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.com ([xml2] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.com ([xml3] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstream.net ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstv.com ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: ppstv.net ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=======================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

5. Please run a BitDefender Online Scan

Disable your antivirus program.
Click Start Scanner button.
Click Free scan now button
Allow browser plug-in to be installed when prompted.
Click I Agree to agree to the EULA.
Please refrain from using the computer until the scan is finished.
When the scan is finished, click on View report.
Notepad will open with scan results.
Save the report to your desktop and post its content in your next reply.

aywen89 · Oct 27, 2012

All processes killed
========== OTL ==========
HKU\S-1-5-21-3286712610-3324488593-3930158484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\111222.cn\list1\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pps.tv\kan\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pps.tv\list1\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pps.tv\tvguide\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pps.tv\vodguide\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppstream.com\list1\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppstream.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppstream.com\xml1\ not found.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppstream.com\xml2\ not found.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppstream.com\xml3\ not found.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppstream.net\list1\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppstv.com\list1\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ppstv.net\list1\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3286712610-3324488593-3930158484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\security_PPStream.exe\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ay Wen
->Temp folder emptied: 12445249 bytes
->Temporary Internet Files folder emptied: 304052246 bytes
->Java cache emptied: 2370154 bytes
->FireFox cache emptied: 63230506 bytes
->Google Chrome cache emptied: 67882762 bytes
->Flash cache emptied: 1291647 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: sai
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: sai.AyWen-PC
->Temp folder emptied: 10570803 bytes
->Temporary Internet Files folder emptied: 671943 bytes
->FireFox cache emptied: 56008193 bytes
->Flash cache emptied: 56996 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56641126 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 550.00 mb

[EMPTYJAVA]

User: All Users

User: Ay Wen
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: sai

User: sai.AyWen-PC

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Ay Wen
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: sai
->Flash cache emptied: 0 bytes

User: sai.AyWen-PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10272012_203011

Files\Folders moved on Reboot...
C:\Users\Ay Wen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

aywen89 · Oct 27, 2012

Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 26
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (16.0.1)
Google Chrome 10.0.648.204
Google Chrome 10.0.648.205
Google Chrome 11.0.696.60
Google Chrome 11.0.696.77
Google Chrome 12.0.742.91
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

aywen89 · Oct 27, 2012

3. Please download AdwCleaner by Xplode onto your desktop.
cannot run this, once run I get a blue screen and restart computer

4. Download Temp File Cleaner (TFC)
cannot run this, once run I get a blue screen and restart computer

5. Please run a BitDefender Online Scan
After scan no active infection on my computer, found no place to click for scan result

Broni · Oct 27, 2012

3,4 run them from safe mode.

Broni · Nov 1, 2012

Still with me?

aywen89 · Nov 2, 2012

Yes,can give me 2day,this few day I m busy working,even reply you with my phone only

Broni · Nov 2, 2012

OK...

aywen89 · Nov 3, 2012

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 20:34:02
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Ay Wen - AYWEN-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Ay Wen\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Users\Ay Wen\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Ay Wen\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\Orbit\OpenCandy
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Ay Wen\AppData\Roaming\Mozilla\Firefox\Profiles\fx454o99.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\sai.AyWen-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ujjg7wu5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v12.0.742.91

File : C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [2045 octets] - [03/11/2012 20:34:02]

########## EOF - C:\AdwCleaner[S2].txt - [2105 octets] ##########

aywen89 · Nov 3, 2012

3. Please download AdwCleaner by Xplode onto your desktop.
done in safemode

4. Download Temp File Cleaner (TFC)
done in safemode

Broni · Nov 3, 2012

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

===========================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

=============================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.

Broni · Nov 8, 2012

The issue seems to be resolved.

Solved Win64/Agent.BA trojan Win64/Conedex.B trojan found

Broni

Posts: 56,041 +516

aywen89

Posts: 30 +0

aywen89

Posts: 30 +0

aywen89

Posts: 30 +0

aywen89

Posts: 30 +0

Broni

Posts: 56,041 +516

aywen89

Posts: 30 +0

aywen89

Posts: 30 +0

aywen89

Posts: 30 +0

Broni

Posts: 56,041 +516

Broni

Posts: 56,041 +516

aywen89

Posts: 30 +0

Broni

Posts: 56,041 +516

aywen89

Posts: 30 +0

aywen89

Posts: 30 +0

Broni

Posts: 56,041 +516

Broni

Posts: 56,041 +516

Similar threads

Latest posts