Solved EasyBits malware

hokokhua · Nov 28, 2012

Hi there,

I recently sent my desktop to a repair shop to change a motherboard and since it got back, I realised that there were strange programs installed on my PC that I cannot remove. These include: EasyBits Tic-Tac-Toe, EasyBits Battleship and EasyChat. I see them when I go to the start button. I tried to go to Control Panel to uninstall but it doesn't detect such a program. Same thing for Revo Uninstaller.

Looking forward to your advice on how to remove the malware. Thanks!!

Best,
Paul

Jay Pfoutz · Nov 28, 2012

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please review the 4-Step instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Delete.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

hokokhua · Nov 28, 2012

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.1
Run by user at 9:26:42 on 2012-11-29
Microsoft Windows 7 Home Premium 6.1.7601.1.950.852.1033.18.7883.4010 [GMT 8:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Roozz\RoozzUpdater.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\notepad.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.sg/
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [PPAP] "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" -background
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Driver Genius] <no file>
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK -
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: OldEnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &E1OA&N﹐A×AeIsIAOO - <no file>
IE: &E1OA&N﹐A×IAOO - <no file>
IE: &E1OA&N﹐A×IAOOE?2?A’?O - <no file>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\core\program\XmpIEMenu.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{53F2BC1E-01F1-4806-B216-8F6AAF184D2D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{574A8165-F901-4AC7-AD08-ECD917D8F33D} : NameServer = 98.158.112.60 199.127.248.22
TCP: Interfaces\{7E18089D-8B59-4DEE-85A4-8EED830558C2} : DHCPNameServer = 192.168.0.1
SEH: DesktopTipsStub Class - {4562B511-62E9-4533-B7B2-56A8BB10B482} -
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Notify: igfxcui - igfxdev.dll
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Roozz\nproozz.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-02 21:41; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-27 16152]
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2012-6-1 157696]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2012-7-8 426616]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2012-7-8 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2012-7-8 1096176]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-1-10 17720]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-3-31 141920]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2012-7-8 251528]
R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [2011-12-22 818952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-28 236544]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-6-10 233328]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-11-27 164520]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-12-20 341800]
R2 Roozz Updater;Roozz Updater;C:\Program Files (x86)\Roozz\RoozzUpdater.exe [2012-6-22 393216]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2007-10-22 11576]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-11-27 134696]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2012-11-27 21568]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-11-27 620584]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-11-27 89640]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-11-27 39976]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2011-2-18 56160]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-27 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-27 788760]
R3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\System32\drivers\t_mouse.sys [2009-4-16 25088]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\System32\drivers\whfltr2k.sys [2011-11-30 10368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW86.sys [2012-5-31 90624]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 Media Center 17 Service;Media Center 17 Service;C:\Program Files (x86)\J River\Media Center 17\JRService.exe [2012-5-9 392320]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-10 97792]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-10 217600]
S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2012-7-8 85224]
S3 PCTSFileEnum;PCTSFileEnum;C:\Program Files (x86)\PC Tools\DMScanning\PCTSFiles.exe [2012-7-8 89016]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-31 685672]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2012-11-2 166704]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-30 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2012-11-27 14:17:22--------d-----w-C:\Users\user\AppData\Roaming\BCGameTime
2012-11-27 05:04:0916896----a-w-C:\Windows\AsTaskSched.dll
2012-11-27 04:07:20--------d-----w-C:\Users\user\AppData\Local\Broadcom
2012-11-27 04:07:07620584----a-w-C:\Windows\System32\drivers\btwampfl.sys
2012-11-27 04:04:3889640----a-w-C:\Windows\System32\drivers\btwdpan.sys
2012-11-27 04:04:3821544----a-w-C:\Windows\System32\drivers\btwrchid.sys
2012-11-27 04:04:37178728----a-w-C:\Windows\System32\drivers\btwavdt.sys
2012-11-27 04:04:37167976----a-w-C:\Windows\System32\drivers\btwaudio.sys
2012-11-27 04:04:3639976----a-w-C:\Windows\System32\drivers\btwl2cap.sys
2012-11-27 04:04:36134696----a-w-C:\Windows\System32\drivers\bcbtums.sys
2012-11-27 04:03:39--------d-----w-C:\Program Files\WIDCOMM
2012-11-27 04:02:55--------d-----w-C:\Program Files (x86)\Cisco
2012-11-27 04:00:5521568----a-w-C:\Windows\System32\drivers\bcmvwl64.sys
2012-11-27 04:00:0216152----a-w-C:\Windows\System32\drivers\iusb3hcs.sys
2012-11-27 03:59:47788760----a-w-C:\Windows\System32\drivers\iusb3xhc.sys
2012-11-27 03:59:44356120----a-w-C:\Windows\System32\drivers\iusb3hub.sys
2012-11-27 03:58:56--------d-----w-C:\Program Files (x86)\ASM104xUSB3
2012-11-27 03:58:32164520----a-w-C:\Windows\System32\IPROSetMonitor.exe
2012-11-27 03:58:04316104----a-r-C:\Windows\System32\PROUnstl.exe
2012-11-27 03:56:2568264----a-w-C:\Windows\System32\e1cmsg.dll
2012-11-27 03:56:2536472----a-w-C:\Windows\System32\NicCo36.dll
2012-11-27 03:56:25328368----a-w-C:\Windows\System32\drivers\e1c62x64.sys
2012-11-27 03:56:2292864----a-w-C:\Windows\System32\NicInstC.dll
2012-11-15 06:25:179728----a-w-C:\Windows\System32\Wdfres.dll
2012-11-15 06:25:17785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 06:25:1754376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 06:25:172560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 06:19:5287040----a-w-C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 06:19:52198656----a-w-C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 06:19:4984992----a-w-C:\Windows\System32\WUDFSvc.dll
2012-11-15 06:19:4945056----a-w-C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 06:19:49194048----a-w-C:\Windows\System32\WUDFPlatform.dll
2012-11-15 06:19:48744448----a-w-C:\Windows\System32\WUDFx.dll
2012-11-15 06:19:48229888----a-w-C:\Windows\System32\WUDFHost.exe
2012-11-15 02:25:5795744----a-w-C:\Windows\System32\synceng.dll
2012-11-15 02:25:5778336----a-w-C:\Windows\SysWow64\synceng.dll
2012-11-11 05:57:51--------d-----w-C:\Program Files (x86)\Kindle Auto eBook Converter
2012-11-11 05:45:29--------d-----w-C:\Program Files (x86)\DjVu Viewer
2012-11-03 12:10:12--------d-----w-C:\Users\user\AppData\Local\Octoshape
2012-11-03 12:10:09--------d-----w-C:\Users\user\AppData\Roaming\Octoshape
2012-11-02 10:01:5033792----a-w-C:\Windows\System32\Spool\prtprocs\x64\spd__pc.dll
2012-11-02 10:01:26--------d-----w-C:\Program Files (x86)\Samsung Printers
2012-11-02 10:00:34256000----a-w-C:\Windows\System32\SIPDUtil.dll
2012-11-02 10:00:34162096----a-w-C:\Windows\System32\SUPDSvcA.dll
2012-11-02 10:00:3227648----a-w-C:\Windows\System32\spd__l.dll
2012-11-02 10:00:3189600----a-w-C:\Windows\System32\spd__ci.dll
2012-11-02 10:00:31359424----a-w-C:\Windows\System32\DscPnt.dll
2012-11-02 10:00:31166704----a-w-C:\Windows\System32\SUPDSvc.exe
2012-11-02 10:00:30258864----a-w-C:\Windows\SUPDRun.exe
2012-11-02 10:00:30151552----a-w-C:\Windows\System32\spd__ci.exe
2012-11-02 10:00:00--------d-----w-C:\Windows\twain_64
2012-11-02 09:57:48280064----a-w-C:\Windows\System32\snWIAMUI.dll
.
==================== Find3M ====================
.
2012-11-27 04:01:0973728----a-w-C:\Windows\System32\wltrynt.dll
2012-11-27 04:01:09445----a-w-C:\Windows\System32\vcredist_x64.bat
2012-11-27 04:01:0935344----a-w-C:\Windows\System32\drivers\npf.sys
2012-11-27 04:01:093161088----a-w-C:\Windows\System32\vcredist_x64.exe
2012-11-27 04:01:074658688----a-w-C:\Windows\System32\bcmttls.dll
2012-11-27 04:01:071047552----a-w-C:\Windows\System32\BCMLogon.dll
2012-11-27 04:01:0622592----a-w-C:\Windows\System32\drivers\bcm42rly.sys
2012-11-27 04:01:054961800----a-w-C:\Windows\SysWow64\vcredist_x64.exe
2012-11-27 04:01:05446----a-w-C:\Windows\SysWow64\vcredist_x64.bat
2012-11-27 04:00:586656----a-w-C:\Windows\System32\bcmwlrc.dll
2012-11-27 04:00:5795544----a-w-C:\Windows\System32\bcmwlcoi.dll
2012-11-27 04:00:564746304----a-w-C:\Windows\System32\drivers\BCMWL664.SYS
2012-11-27 04:00:563952640----a-w-C:\Windows\System32\bcmihvsrv64.dll
2012-11-27 04:00:563617792----a-w-C:\Windows\System32\bcmihvui64.dll
2012-11-11 01:58:4773656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-11 01:58:47697272----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:583149824----a-w-C:\Windows\System32\win32k.sys
2012-10-16 08:38:37135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52561664----a-w-C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:1355296----a-w-C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13226816----a-w-C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:3144032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:032312704----a-w-C:\Windows\System32\jscript9.dll
2012-10-08 11:23:521392128----a-w-C:\Windows\System32\wininet.dll
2012-10-08 11:22:551494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35599040----a-w-C:\Windows\System32\vbscript.dll
2012-10-08 11:13:332382848----a-w-C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:241800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:031129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:441427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:562382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:541914248----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:2170656----a-w-C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21303104----a-w-C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17246272----a-w-C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:1718944----a-w-C:\Windows\System32\netevent.dll
2012-10-03 17:44:16216576----a-w-C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16569344----a-w-C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:2418944----a-w-C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24175104----a-w-C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23156672----a-w-C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:2645568----a-w-C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 11:54:2625928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
2012-09-02 00:18:04108008----a-w-C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-02 00:18:01916456----a-w-C:\Windows\System32\deployJava1.dll
2012-09-02 00:18:011034216----a-w-C:\Windows\System32\npDeployJava1.dll
2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 9:27:19.81 ===============

hokokhua · Nov 28, 2012

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/11/2011 7:52:40 PM
System Uptime: 29/11/2012 8:59:11 AM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-I DELUXE
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz | LGA1155 | 1584/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1000 GiB total, 67.593 GiB free.
D: is FIXED (NTFS) - 863 GiB total, 97.455 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP274: 27/11/2012 12:05:17 PM - Broadcom BTW Restore Point
RP275: 27/11/2012 10:27:07 PM - Revo Uninstaller's restore point - PPLite 1.0.0.0082
RP276: 28/11/2012 8:47:55 PM - Windows Update
RP277: 28/11/2012 9:43:57 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
ABBYY FineReader 11 Corporate Edition
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Lightroom 4.1 64-bit
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Advanced Wheel Mouse 6.0.0.011
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Audacity 2.0
Bonjour
Broadcom InConcert Maestro
Broadcom Wireless Utility
calibre
Catalyst Control Center InstallProxy
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CutePDF Writer 2.8
dBpoweramp DSP Effects
dBpoweramp Music Converter
DiskAid 5.31
DjVu Viewer version 1.0
Driver Genius Professional Edition
ESET Smart Security
Everything 1.2.1.371
Fences
FLAC 1.2.1b (remove only)
foobar2000 v1.1.9
FormatFactory 3.0.1
Free RAR Extract Frog
Google Chrome
HandBrake 0.9.6
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel(R) Management Engine Components
Intel(R) Network Connections 16.1.53.0
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
IntelR Trusted Connect Service Client
iTunes
Java 7 Update 7 (64-bit)
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
K-Lite Codec Pack 5.5.0 (64-bit)
K-Lite Mega Codec Pack 8.0.0
Kindle Auto eBook Converter 0.4.50
LADSPA_plugins-win-0.4.15
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.1.1000
Media Center 17
MediaInfo 0.7.53
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MKVToolNix 5.2.1
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.50
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyFreeCodec
Nitro Reader 2
Octoshape Streaming Services
OLYMPUS Digital Camera Updater
PC Tools on-the-fly Scanner 9.0
PDF to Word
pdfsam
Readiris Pro 10
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.93
Roozz plugin 2.9.8
Samsung CLX-3170 Series
SAMSUNG Dr.Printer
Samsung Kies
Samsung Universal Print Driver
Samsung Universal Scan Driver
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
SES Driver
Smart Defrag 2
SmarThru 4
swMSM
System Requirements Lab for Intel
TeraCopy 2.27
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
VLC media player 2.0.4
WIDCOMM Bluetooth Software
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
Windows Media Player Firefox Plugin
WinSCP 4.3.2
μTorrent
.
==== Event Viewer Messages From Past Week ========
.
29/11/2012 8:59:37 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
29/11/2012 8:59:17 AM, Error: volmgr [46] - Crash dump initialization failed!
27/11/2012 9:59:28 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={D6813A2C-2C52-42DB-9F2E-07C55AE0A4C9}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
27/11/2012 9:57:51 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={105370EA-D5D4-425E-B87C-8EADB7B9E3C1}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
27/11/2012 9:55:55 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={9B14DB58-0E0F-46D5-B8A4-B4377F29B913}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
27/11/2012 11:50:44 AM, Error: Service Control Manager [7023] - The Intel(R) Content Protection HECI Service service terminated with the following error: %%-2147024637
27/11/2012 10:06:39 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={FD64EA28-8762-435A-BF54-966C46B0447C}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
27/11/2012 10:04:37 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{48FBD19D-CCD5-453F-A85F-5DD4190A2A7D} because another computer on the network has the same name. The server could not start.
27/11/2012 10:00:59 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={4B176700-08A3-4E49-A596-5F03091AC23D}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
24/11/2012 10:43:48 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

hokokhua · Nov 28, 2012

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.28.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]
29/11/2012 9:14:08 AM
mbam-log-2012-11-29 (09-14-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242927
Time elapsed: 6 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

hokokhua · Nov 28, 2012

# AdwCleaner v2.009 - Logfile created 11/29/2012 at 08:57:59
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
-\\ Google Chrome v23.0.1271.91
*************************
AdwCleaner[S1].txt - [1443 octets] - [29/11/2012 08:57:59]

Jay Pfoutz · Nov 29, 2012

ComboFix scan

Please download ComboFix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix

After the download:

Close any open browsers.
Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

Double click on ComboFix.exe & follow the prompts.
When ComboFix finishes, it will produce a report for you.
Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

hokokhua · Nov 30, 2012

ComboFix 12-11-29.02 - user 1/2012 Fri 14:48:13.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.950.852.1033.18.7883.6082 [GMT 8:00]
執行位置: c:\users\user\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((((( 2012-10-28 至 2012-11-30 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2012-11-30 06:54 . 2012-11-30 06:54--------d-----w-c:\users\Public\AppData\Local\temp
2012-11-30 06:54 . 2012-11-30 06:54--------d-----w-c:\users\PlayOnHD\AppData\Local\temp
2012-11-30 06:54 . 2012-11-30 06:54--------d-----w-c:\users\Default\AppData\Local\temp
2012-11-27 14:17 . 2012-11-27 14:17--------d-----w-c:\users\user\AppData\Roaming\BCGameTime
2012-11-27 05:04 . 2012-11-27 05:0416896----a-w-c:\windows\AsTaskSched.dll
2012-11-27 04:07 . 2012-11-27 04:07--------d-----w-c:\users\user\AppData\Local\Broadcom
2012-11-27 04:07 . 2011-09-20 08:36620584----a-w-c:\windows\system32\drivers\btwampfl.sys
2012-11-27 04:04 . 2011-06-23 03:5921544----a-w-c:\windows\system32\drivers\btwrchid.sys
2012-11-27 04:04 . 2011-05-20 14:4989640----a-w-c:\windows\system32\drivers\btwdpan.sys
2012-11-27 04:04 . 2011-07-06 10:35167976----a-w-c:\windows\system32\drivers\btwaudio.sys
2012-11-27 04:04 . 2011-06-23 03:59178728----a-w-c:\windows\system32\drivers\btwavdt.sys
2012-11-27 04:04 . 2011-11-03 05:00134696----a-w-c:\windows\system32\drivers\bcbtums.sys
2012-11-27 04:04 . 2011-02-13 16:1739976----a-w-c:\windows\system32\drivers\btwl2cap.sys
2012-11-27 04:03 . 2012-11-27 04:03--------d-----w-c:\program files\WIDCOMM
2012-11-27 04:02 . 2012-11-27 04:03--------d-----w-c:\program files (x86)\Cisco
2012-11-27 04:00 . 2012-11-27 04:0021568----a-w-c:\windows\system32\drivers\bcmvwl64.sys
2012-11-27 04:00 . 2012-02-26 19:0116152----a-w-c:\windows\system32\drivers\iusb3hcs.sys
2012-11-27 03:59 . 2012-02-26 19:01788760----a-w-c:\windows\system32\drivers\iusb3xhc.sys
2012-11-27 03:59 . 2012-02-26 19:01356120----a-w-c:\windows\system32\drivers\iusb3hub.sys
2012-11-27 03:58 . 2012-11-27 03:58--------d-----w-c:\program files (x86)\ASM104xUSB3
2012-11-27 03:58 . 2011-01-17 08:00164520----a-w-c:\windows\system32\IPROSetMonitor.exe
2012-11-27 03:58 . 2011-01-28 02:19316104----a-r-c:\windows\system32\PROUnstl.exe
2012-11-27 03:56 . 2011-02-08 03:03328368----a-w-c:\windows\system32\drivers\e1c62x64.sys
2012-11-27 03:56 . 2011-01-20 16:5968264----a-w-c:\windows\system32\e1cmsg.dll
2012-11-27 03:56 . 2009-05-26 01:0536472----a-w-c:\windows\system32\NicCo36.dll
2012-11-27 03:56 . 2011-02-04 16:5992864----a-w-c:\windows\system32\NicInstC.dll
2012-11-15 06:25 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 06:25 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 06:25 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 06:25 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
2012-11-15 06:19 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 06:19 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 06:19 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
2012-11-15 06:19 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 06:19 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
2012-11-15 06:19 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
2012-11-15 06:19 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
2012-11-15 02:25 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2012-11-15 02:25 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
2012-11-11 05:57 . 2012-11-11 05:59--------d-----w-c:\program files (x86)\Kindle Auto eBook Converter
2012-11-11 05:45 . 2012-11-11 05:45--------d-----w-c:\program files (x86)\DjVu Viewer
2012-11-11 01:58 . 2012-11-11 01:58--------d-----w-c:\programdata\McAfee
2012-11-03 12:10 . 2012-11-03 12:10--------d-----w-c:\users\user\AppData\Local\Octoshape
2012-11-03 12:10 . 2012-11-03 12:10--------d-----w-c:\users\user\AppData\Roaming\Octoshape
2012-11-02 10:01 . 2007-06-27 00:5433792----a-w-c:\windows\system32\Spool\prtprocs\x64\spd__pc.dll
2012-11-02 10:01 . 2012-11-02 10:01--------d-----w-c:\program files (x86)\Samsung Printers
2012-11-02 10:00 . 2010-08-09 02:04162096----a-w-c:\windows\system32\SUPDSvcA.dll
2012-11-02 10:00 . 2009-10-07 02:43256000----a-w-c:\windows\system32\SIPDUtil.dll
2012-11-02 10:00 . 2008-06-04 06:5327648----a-w-c:\windows\system32\spd__l.dll
2012-11-02 10:00 . 2010-08-09 02:04166704----a-w-c:\windows\system32\SUPDSvc.exe
2012-11-02 10:00 . 2010-08-09 00:14359424----a-w-c:\windows\system32\DscPnt.dll
2012-11-02 10:00 . 2006-11-21 11:4089600----a-w-c:\windows\system32\spd__ci.dll
2012-11-02 10:00 . 2010-08-09 02:04258864----a-w-c:\windows\SUPDRun.exe
2012-11-02 10:00 . 2010-05-11 05:28151552----a-w-c:\windows\system32\spd__ci.exe
2012-11-02 10:00 . 2012-11-02 10:00--------d-----w-c:\windows\twain_64
2012-11-02 09:57 . 2010-05-20 06:08280064----a-w-c:\windows\system32\snWIAMUI.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-29 14:18 . 2012-04-02 07:09697272----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-29 14:18 . 2011-12-14 12:2073656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-15 02:19 . 2011-11-30 13:0666395536----a-w-c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-28 12:48135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 12:48350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 12:48561664----a-w-c:\windows\apppatch\AcLayers.dll
2012-10-09 18:22 . 2012-10-09 18:2280384----a-w-c:\windows\system32\igdde64.dll
2012-10-09 18:22 . 2012-10-09 18:22437760----a-w-c:\windows\system32\igfxrtrk.lrc
2012-10-09 18:22 . 2012-10-09 18:22216064----a-w-c:\windows\system32\iglhcp64.dll
2012-10-09 18:22 . 2012-10-09 18:22180224----a-w-c:\windows\SysWow64\iglhcp32.dll
2012-10-09 18:22 . 2012-10-09 18:225903392----a-w-c:\windows\system32\GfxUI.exe
2012-10-09 18:22 . 2012-10-09 18:22519680----a-w-c:\windows\SysWow64\iglhsip32.dll
2012-10-09 18:22 . 2012-10-09 18:22438784----a-w-c:\windows\system32\igfxrdeu.lrc
2012-10-09 18:22 . 2012-10-09 18:22438272----a-w-c:\windows\system32\igfxrhun.lrc
2012-10-09 18:22 . 2012-10-09 18:223776512----a-w-c:\windows\SysWow64\igfxcmjit32.dll
2012-10-09 18:22 . 2012-10-09 18:2210673664----a-w-c:\windows\SysWow64\ig4icd32.dll
2012-10-09 18:22 . 2012-10-09 18:2264512----a-w-c:\windows\SysWow64\igdde32.dll
2012-10-09 18:22 . 2012-10-09 18:22501760----a-w-c:\windows\system32\igfxcmrt64.dll
2012-10-09 18:22 . 2012-10-09 18:22439296----a-w-c:\windows\system32\igfxrrus.lrc
2012-10-09 18:22 . 2012-10-09 18:22431104----a-w-c:\windows\system32\igfxrkor.lrc
2012-10-09 18:22 . 2012-10-09 18:22410624----a-w-c:\windows\system32\igfxTMM.dll
2012-10-09 18:22 . 2012-10-09 18:2212836864----a-w-c:\windows\system32\igd10umd64.dll
2012-10-09 18:22 . 2012-03-19 14:17110592----a-w-c:\windows\system32\hccutils.dll
2012-10-09 18:22 . 2012-10-09 18:22330240----a-w-c:\windows\SysWow64\igfxdv32.dll
2012-10-09 18:22 . 2012-10-09 18:2212604416----a-w-c:\windows\system32\igdumd64.dll
2012-10-09 18:22 . 2012-10-09 18:22441888----a-w-c:\windows\system32\igfxpers.exe
2012-10-09 18:22 . 2012-10-09 18:22438784----a-w-c:\windows\system32\igfxrhrv.lrc
2012-10-09 18:22 . 2012-10-09 18:22438272----a-w-c:\windows\system32\igfxrcsy.lrc
2012-10-09 18:22 . 2012-10-09 18:2225088----a-w-c:\windows\SysWow64\igfxexps32.dll
2012-10-09 18:22 . 2012-10-09 18:225343584----a-w-c:\windows\system32\drivers\igdkmd64.sys
2012-10-09 18:22 . 2012-10-09 18:22448512----a-w-c:\windows\SysWow64\igfx11cmrt32.dll
2012-10-09 18:22 . 2012-10-09 18:22441856----a-w-c:\windows\system32\igfxdev.dll
2012-10-09 18:22 . 2012-10-09 18:22438784----a-w-c:\windows\system32\igfxrnld.lrc
2012-10-09 18:22 . 2012-10-09 18:22399392----a-w-c:\windows\system32\hkcmd.exe
2012-10-09 18:22 . 2012-10-09 18:22272928----a-w-c:\windows\system32\igvpkrng600.bin
2012-10-09 18:22 . 2012-10-09 18:22126976----a-w-c:\windows\system32\igfxcpl.cpl
2012-10-09 18:22 . 2012-10-09 18:22116224----a-w-c:\windows\system32\igfxCoIn_v2867.dll
2012-10-09 18:22 . 2012-03-19 14:1763488----a-w-c:\windows\system32\igfxsrvc.dll
2012-10-09 18:22 . 2012-03-19 14:169007616----a-w-c:\windows\system32\igfxress.dll
2012-10-09 18:22 . 2012-10-09 18:22604160----a-w-c:\windows\SysWow64\igfxcmrt32.dll
2012-10-09 18:22 . 2012-10-09 18:224571136----a-w-c:\windows\system32\igfxcmjit64.dll
2012-10-09 18:22 . 2012-10-09 18:22439808----a-w-c:\windows\system32\igfxresn.lrc
2012-10-09 18:22 . 2012-10-09 18:22439296----a-w-c:\windows\system32\igfxrrom.lrc
2012-10-09 18:22 . 2012-10-09 18:22437760----a-w-c:\windows\system32\igfxrsve.lrc
2012-10-09 18:22 . 2012-10-09 18:22437760----a-w-c:\windows\system32\igfxrslv.lrc
2012-10-09 18:22 . 2012-10-09 18:22437760----a-w-c:\windows\system32\igfxrnor.lrc
2012-10-09 18:22 . 2012-10-09 18:22437248----a-w-c:\windows\system32\igfxrdan.lrc
2012-10-09 18:22 . 2012-10-09 18:22277024----a-w-c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-10-09 18:22 . 2012-10-09 18:22185376----a-w-c:\windows\system32\difx64.exe
2012-10-09 18:22 . 2012-10-09 18:22173568----a-w-c:\windows\system32\gfxSrvc.dll
2012-10-09 18:22 . 2012-10-09 18:2212887040----a-w-c:\windows\system32\ig4icd64.dll
2012-10-09 18:22 . 2012-10-09 18:22435712----a-w-c:\windows\system32\igfxrheb.lrc
2012-10-09 18:22 . 2012-10-09 18:22429056----a-w-c:\windows\system32\igfxrcht.lrc
2012-10-09 18:22 . 2012-10-09 18:22171040----a-w-c:\windows\system32\igfxtray.exe
2012-10-09 18:22 . 2012-10-09 18:2211158528----a-w-c:\windows\SysWow64\igd10umd32.dll
2012-10-09 18:22 . 2012-10-09 18:22509984----a-w-c:\windows\system32\igfxsrvc.exe
2012-10-09 18:22 . 2012-10-09 18:22440320----a-w-c:\windows\system32\igfxrell.lrc
2012-10-09 18:22 . 2012-10-09 18:22438784----a-w-c:\windows\system32\igfxrptg.lrc
2012-10-09 18:22 . 2012-10-09 18:22438784----a-w-c:\windows\system32\igfxrplk.lrc
2012-10-09 18:22 . 2012-10-09 18:22438784----a-w-c:\windows\system32\igfxrita.lrc
2012-10-09 18:22 . 2012-10-09 18:22438272----a-w-c:\windows\system32\igfxrfin.lrc
2012-10-09 18:22 . 2012-10-09 18:22437248----a-w-c:\windows\system32\igfxrtha.lrc
2012-10-09 18:22 . 2012-10-09 18:22428544----a-w-c:\windows\system32\igfxrchs.lrc
2012-10-09 18:22 . 2012-10-09 18:22286208----a-w-c:\windows\system32\igfxrenu.lrc
2012-10-09 18:22 . 2012-10-09 18:22142336----a-w-c:\windows\system32\igfxdo.dll
2012-10-09 18:22 . 2012-10-09 18:22963452----a-w-c:\windows\system32\igcodeckrng600.bin
2012-10-09 18:22 . 2012-10-09 18:22482304----a-w-c:\windows\system32\igfx11cmrt64.dll
2012-10-09 18:22 . 2012-10-09 18:22386048----a-w-c:\windows\system32\igfxpph.dll
2012-10-09 18:22 . 2012-10-09 18:22524800----a-w-c:\windows\system32\iglhsip64.dll
2012-10-09 18:22 . 2012-10-09 18:22438784----a-w-c:\windows\system32\igfxrsky.lrc
2012-10-09 18:22 . 2012-10-09 18:22435712----a-w-c:\windows\system32\igfxrara.lrc
2012-10-09 18:22 . 2012-10-09 18:22432128----a-w-c:\windows\system32\igfxrjpn.lrc
2012-10-09 18:22 . 2012-10-09 18:2228672----a-w-c:\windows\system32\igfxexps.dll
2012-10-09 18:22 . 2012-10-09 18:22252448----a-w-c:\windows\system32\igfxext.exe
2012-10-09 18:22 . 2012-03-19 15:2611040256----a-w-c:\windows\SysWow64\igdumd32.dll
2012-10-09 18:22 . 2012-10-09 18:229728----a-w-c:\windows\system32\IGFXDEVLib.dll
2012-10-09 18:22 . 2012-10-09 18:22439808----a-w-c:\windows\system32\igfxrfra.lrc
2012-10-09 18:22 . 2012-10-09 18:22437760----a-w-c:\windows\system32\igfxrptb.lrc
2012-09-29 11:54 . 2012-07-09 14:5425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-11 08:072048----a-w-c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 08:072048----a-w-c:\windows\SysWow64\tzres.dll
2012-09-02 00:18 . 2012-09-02 00:18108008----a-w-c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-02 00:18 . 2012-09-02 00:18289768----a-w-c:\windows\system32\javaws.exe
2012-09-02 00:18 . 2012-09-02 00:18189416----a-w-c:\windows\system32\javaw.exe
2012-09-02 00:18 . 2012-09-02 00:18188904----a-w-c:\windows\system32\java.exe
2012-09-02 00:18 . 2012-09-02 00:18916456----a-w-c:\windows\system32\deployJava1.dll
2012-09-02 00:18 . 2012-09-02 00:181034216----a-w-c:\windows\system32\npDeployJava1.dll
.
.

hokokhua · Nov 30, 2012

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-07-04 . 05F5A0D14A2EE1D8255C2AA0E9E8E694 . 136704 . . [6.1.7601.17887] .. c:\windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17887_none_d6c68344b4d406bf\browser.dll
[-] 2012-07-04 . 156768ABAE1DAF29BA0B0C05C21FEF09 . 136704 . . [6.1.7601.22044] .. c:\windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.22044_none_d7783703cdd41e02\browser.dll
[7] 2010-11-21 . 8EF0D5C41EC907751B8429162B1239ED . 136192 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\browser.dll
[7] 2010-11-21 . 8EF0D5C41EC907751B8429162B1239ED . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_d70f2c28b49dffae\browser.dll
[-] 2012-07-04 . 05F5A0D14A2EE1D8255C2AA0E9E8E694 . 136704 . . [6.1.7600.16385] .. c:\windows\system32\browser.dll
.
[-] 2012-06-04 . 79C908CAA6F43021EB05F4C733A927D1 . 31232 . . [6.1.7601.22010] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[-] 2011-11-17 . 0A10B74FBB437FF9A23F1D5DE4446A83 . 31232 . . [6.1.7601.21861] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[7] 2009-07-14 . 0793F40B9B8A1BDD266296409DBD91EA . 31232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[-] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\system32\lsass.exe
.
[-] 2012-02-11 . 85DAA09A98C9286D4EA2BA8D0E644377 . 559104 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_3433cdb2d8563d50\spoolsv.exe
[-] 2012-02-11 . B9D7A4858CF32A6A15D2763F1DE47E0E . 559616 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682\spoolsv.exe
[7] 2010-11-21 . B96C17B5DC1424D56EEA3A99E97428CD . 559104 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\spoolsv.exe
[7] 2010-11-21 . B96C17B5DC1424D56EEA3A99E97428CD . 559104 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[-] 2012-02-11 . 85DAA09A98C9286D4EA2BA8D0E644377 . 559104 . . [6.1.7600.16385] .. c:\windows\system32\spoolsv.exe
.
[-] 2012-06-04 . 7E7D2DACF65D750D466F36BD3D09AE20 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[-] 2012-06-02 . 9C01375BE382E834CC26D1B7EAF2C4FE . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[-] 2012-04-24 . 4F5414602E2544A4554D95517948B705 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[-] 2012-04-24 . B7337E9C9E5936355BB700AA33E0936E . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[7] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[-] 2012-06-02 . 9C01375BE382E834CC26D1B7EAF2C4FE . 184320 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[-] 2012-08-20 . EAF41CFBA5281834CBC383C710AC7965 . 1162240 . . [6.1.7601.17932] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_f1cc51dc6cfd0cbf\kernel32.dll
[-] 2012-08-20 . 624B34180C79D67C470C155DB81FFB8E . 1163264 . . [6.1.7601.17932] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_f213e511864c70f3\kernel32.dll
[7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7601.17651] .. c:\windows\erdnt\cache64\kernel32.dll
[7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7601.17651] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[7] 2011-07-16 . 27AC02D8EE4C02E7648C41CB880151DA . 1163264 . . [6.1.7601.21772] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
[7] 2010-11-21 . 7A6326D96D53048FDEC542DF23D875A0 . 1161216 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[-] 2012-08-20 . EAF41CFBA5281834CBC383C710AC7965 . 1162240 . . [6.1.7601.17932] .. c:\windows\system32\kernel32.dll
.
[-] 2012-10-08 . 6D4F838E72EEEB3D6FB16A5A45632560 . 17811968 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16455_none_87c4e241f4e1f6f6\mshtml.dll
[-] 2012-10-08 . 1FB8062D4C3A4C7B8ECA7BBD1E743000 . 17812992 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20562_none_8840ae430e0a66ac\mshtml.dll
[-] 2012-08-24 . F244DA6DD2C365ABAFD076222C22C2BE . 17810944 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16450_none_87bfe0cff4e67843\mshtml.dll
[-] 2012-08-24 . 522A528C296A9AEF3F0C289FF7093315 . 17810944 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20557_none_88507fa10dfdc96e\mshtml.dll
[-] 2012-06-29 . 8415F4792D7BC07BE328DF56FE32045A . 17809920 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_87d2b30bf4d7270a\mshtml.dll
[-] 2012-06-29 . C4DE0E2B31F60ACB15E6B4154E26298A . 17809920 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_884d7ec30e007d69\mshtml.dll
[-] 2012-06-02 . 89C4B3BF66D3C2F3D83F9DEDF1B218D6 . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_87d1b2c1f4d80db3\mshtml.dll
[-] 2012-06-02 . 0C26F50D6C347CE294C84347E6FAEAA8 . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_884c7e790e016412\mshtml.dll
[-] 2012-05-18 . DE469470D93DEB4A1A81EDE72B848198 . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_87d0b277f4d8f45c\mshtml.dll
[-] 2012-05-18 . BE1E4779329040ED334651CD877C416D . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_884a7de50e033164\mshtml.dll
[-] 2012-02-28 . D785A16A6F03F76CB862F28C9F8C9672 . 17790976 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_87cdb199f4dba857\mshtml.dll
[-] 2012-02-28 . 97BB8C752A400556A4FF2E1AAFA0A138 . 17790976 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_885c4fd70df4c6d4\mshtml.dll
[-] 2011-12-14 . E61288581AD9E647ABEFB1489B250B5C . 17790464 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_87cbb105f4dd75a9\mshtml.dll
[-] 2011-12-14 . 153963F44A26A7840ACDF52C2CD1B9DC . 17790464 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_885a4f430df69426\mshtml.dll
[7] 2011-11-30 . 02B4E6CCCA443568764281391635F5A4 . 17781760 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16437_none_87dc82adf4cff1c2\mshtml.dll
[-] 2011-11-04 . 5770C4BA825C42D6EFD9486029747108 . 17786368 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20544_none_88584eaf0df86178\mshtml.dll
[-] 2011-11-04 . E7BD23BEC69CF23436EEDE9B18DE186D . 17786368 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_87cab0bbf4de5c52\mshtml.dll
[7] 2011-10-01 . 6954EE1BBF29632A73791910E89951A8 . 9011200 . . [8.00.7601.17699] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17699_none_8bd1e33ab007593c\mshtml.dll
[7] 2011-10-01 . 187A4AE835C9C269447A7ACE944744FB . 9011200 . . [8.00.7601.21830] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21830_none_8c935ed9c8fc6a78\mshtml.dll
[7] 2010-11-21 . 1C8B787BAA52DEAD1A6FEC1502D652F0 . 8988160 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll
[-] 2012-10-08 . 6D4F838E72EEEB3D6FB16A5A45632560 . 17811968 . . [9.00.8112.16421] .. c:\windows\system32\mshtml.dll
.
[-] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f\msvcrt.dll
[-] 2011-12-16 . F9A4C695C86CC32048FE2C987A0BD387 . 634880 . . [7.0.7601.21878] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_2fc7fdc6ced04f08\msvcrt.dll
[7] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454\msvcrt.dll
[-] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\system32\msvcrt.dll
.
[-] 2012-10-08 . A19DB004D954BBC9C4EC125711E1D1C2 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16455_none_766ac323748b8dc0\wininet.dll
[-] 2012-10-08 . 789EAD6F3CE42F3322818988400986E9 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20562_none_76e68f248db3fd76\wininet.dll
[-] 2012-08-24 . 3D165C53E40236A68B7102D1A622D4E0 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16450_none_7665c1b174900f0d\wininet.dll
[-] 2012-08-24 . 456D4E9006DF149C250D40B813290471 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20557_none_76f660828da76038\wininet.dll
[-] 2012-06-29 . 8EA68FD3780DDDD5072F8CB830B3CB3D . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_767893ed7480bdd4\wininet.dll
[-] 2012-06-29 . 8BA7EDA2656ED7FBC93BDD5CB02B8D4E . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_76f35fa48daa1433\wininet.dll
[-] 2012-06-02 . 5A45FA344F4AD99D903F4B20E43B89EC . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_767793a37481a47d\wininet.dll
[-] 2012-06-02 . 571E809181EBF0A04FEFAA9BC9961F5B . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_76f25f5a8daafadc\wininet.dll
[-] 2012-05-18 . 870ECFEBD41C7B8F9C6777748368D51F . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_7676935974828b26\wininet.dll
[-] 2012-05-18 . BDC16D105BF011D4B1C3F09CF7A64314 . 1392128 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_76f05ec68dacc82e\wininet.dll
[-] 2012-02-28 . 228443FF3A1FB0B974D278F7C6403FAD . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_7673927b74853f21\wininet.dll
[-] 2012-02-28 . B70CDC073F70E6D082A62AB5880D6B07 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_770230b88d9e5d9e\wininet.dll
[-] 2011-12-14 . B1AC85B6ADC005CF3F9EB4E28DFDCCE6 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_767191e774870c73\wininet.dll
[-] 2011-12-14 . C2FA4DBD6BB91D1AFD7D155120654AB9 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_770030248da02af0\wininet.dll
[7] 2011-11-30 . 271E8FB1354AA205A214F280A6766E30 . 1389056 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_7682638f7479888c\wininet.dll
[-] 2011-11-04 . 244D45F786E33C169A93F70BA63BABF8 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_76fe2f908da1f842\wininet.dll
[-] 2011-11-04 . 69151E566295E5A977FE71FFAFD3B3F8 . 1390080 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_7670919d7487f31c\wininet.dll
[7] 2011-08-20 . DB33A1489C1DA1F37AC2D84CB9756DD1 . 1188864 . . [8.00.7601.17671] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_7a8561a42fa7ed6c\wininet.dll
[7] 2011-08-20 . 2B4973A8A9D0336EEF6E10DBD6E5B87D . 1189376 . . [8.00.7601.21795] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_7afd5fbf48d22a74\wininet.dll
[7] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[-] 2012-10-08 . A19DB004D954BBC9C4EC125711E1D1C2 . 1392128 . . [9.00.8112.16421] .. c:\windows\system32\wininet.dll
.
[-] 2012-06-02 . 063DD65889D21035311463337BD268E7 . 142336 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[-] 2012-06-02 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[-] 2012-06-02 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[-] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[-] 2012-04-24 . 21993009E0CCB9B4FA195F14D3408626 . 142336 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[7] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[-] 2012-08-20 . 9B98D47916EAD4F69EF51B56B0C2323C . 1114112 . . [6.1.7601.17932] .. c:\windows\SysWOW64\kernel32.dll
[-] 2012-08-20 . 9B98D47916EAD4F69EF51B56B0C2323C . 1114112 . . [6.1.7601.17932] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_fc20fc2ea15dceba\kernel32.dll
[-] 2012-08-20 . 305681B4B695D4A888B941965FFC2C17 . 1114112 . . [6.1.7601.17932] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_fc688f63baad32ee\kernel32.dll
[7] 2011-07-16 . D3CB12854171DF61D117D7C2BF22C675 . 1114112 . . [6.1.7601.21772] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7601.17651] .. c:\windows\erdnt\cache86\kernel32.dll
[7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7601.17651] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[7] 2010-11-21 . E80758CF485DB142FCA1EE03A34EAD05 . 837632 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
.
[-] 2012-10-08 . 8D1BB1E5A033E8817EF94A9047630165 . 12320768 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
[-] 2012-10-08 . 8D1BB1E5A033E8817EF94A9047630165 . 12320768 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16455_none_92198c942942b8f1\mshtml.dll
[-] 2012-10-08 . F7B251DA2FA89933771289793DCAA08B . 12321280 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20562_none_92955895426b28a7\mshtml.dll
[-] 2012-08-24 . 975D1EA99A0FE8104B72440995B3C20B . 12319744 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20557_none_92a529f3425e8b69\mshtml.dll
[-] 2012-08-24 . BB197F54A8F69EEA8356B7F70E6D3A20 . 12319744 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16450_none_92148b2229473a3e\mshtml.dll
[-] 2012-06-29 . 5E8E869E1342308752A37A2C90CCA79D . 12317184 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_92275d5e2937e905\mshtml.dll
[-] 2012-06-28 . AEC51857AEC2F5CE4520366240AFC671 . 12317184 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_92a2291542613f64\mshtml.dll
[-] 2012-06-02 . 6820A9E91AFF7CB3A510360D8CCD9BDD . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_92265d142938cfae\mshtml.dll
[-] 2012-06-02 . 1ABF770552EA9D4FE90F654468FAF4CE . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_92a128cb4262260d\mshtml.dll
[-] 2012-05-17 . 9FB58F71104107D44540AF1195F7A14D . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_92255cca2939b657\mshtml.dll
[-] 2012-05-17 . 761D9111F5A2619CB5060661D36FBFFF . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_929f28374263f35f\mshtml.dll
[-] 2012-02-28 . F82BF2CB075B49E9FAB5FF213C45C020 . 12281856 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_92225bec293c6a52\mshtml.dll
[-] 2012-02-28 . B9E083B14B1994F1255983F2DF31C7DF . 12281856 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_92b0fa29425588cf\mshtml.dll
[-] 2011-12-14 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_92205b58293e37a4\mshtml.dll
[-] 2011-12-14 . A29CFD4B9F6F2BBE06C8D64B6D07F1D4 . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_92aef99542575621\mshtml.dll
[7] 2011-11-30 . 04E0CD31A63DFC0D73725A3D1768FB5A . 12275200 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16437_none_92312d002930b3bd\mshtml.dll
[-] 2011-11-03 . A21B983E40578D0E6CFA9864AC4E1219 . 12279808 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20544_none_92acf90142592373\mshtml.dll
[-] 2011-11-03 . 66C0AEE61D1C5C35BF1B4642A153B114 . 12279808 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_921f5b0e293f1e4d\mshtml.dll
[7] 2011-10-01 . E16F0A71B984E06FE0A90A2E2E227B23 . 5991936 . . [8.00.7601.21830] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21830_none_96e8092bfd5d2c73\mshtml.dll
[7] 2011-10-01 . 009751094A5A9041723D635AF249DC6F . 5990400 . . [8.00.7601.17699] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17699_none_96268d8ce4681b37\mshtml.dll
[7] 2010-11-21 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll
.
[-] 2011-12-16 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll
[-] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\SysWOW64\msvcrt.dll
[-] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll
[7] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll
.
[-] 2012-10-08 . 9CB0D2A9A77D91D9614355EE9FF00519 . 1129472 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll
[-] 2012-10-08 . 9CB0D2A9A77D91D9614355EE9FF00519 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16455_none_1a4c279fbc2e1c8a\wininet.dll
[-] 2012-10-08 . 6E3AC8A54A1881806BA2B58539483788 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20562_none_1ac7f3a0d5568c40\wininet.dll
[-] 2012-08-24 . 2895E29EFCFC0B1BCF8AEE1A0C67913C . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20557_none_1ad7c4fed549ef02\wininet.dll
[-] 2012-08-24 . 5553611E2F9EA6F613079177F1233068 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16450_none_1a47262dbc329dd7\wininet.dll
[-] 2012-06-29 . 75A97A2C060E72AB49E071E08C7DD2BA . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_1a59f869bc234c9e\wininet.dll
[-] 2012-06-28 . 54C30A4066A28F9A017E095E283B2762 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_1ad4c420d54ca2fd\wininet.dll
[-] 2012-06-02 . 8E87270C4704CF2951E1E7820D6C8A2B . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_1a58f81fbc243347\wininet.dll
[-] 2012-06-02 . E430161A632F9A8FE512DE0CA5685559 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_1ad3c3d6d54d89a6\wininet.dll
[-] 2012-05-17 . 1C191A4F0960F21B5D58C8A65BAF5427 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\wininet.dll
[-] 2012-05-17 . 43BAC67996D8765A5F1B3A4EA6231E21 . 1129472 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\wininet.dll
[-] 2012-02-28 . 44465367256D1C72B58F5ABAA19E7016 . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\wininet.dll
[-] 2012-02-28 . 11A34DCA08EB2A586246F2D6C2A81D58 . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\wininet.dll
[-] 2011-12-14 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll
[-] 2011-12-14 . 022A78194E2C7106F5AF9F2BC6AC8774 . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_1ae194a0d542b9ba\wininet.dll
[7] 2011-11-30 . D3788D91530CFA005BD516189A4C676E . 1126912 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_1a63c80bbc1c1756\wininet.dll
[-] 2011-11-03 . 32569DF2F9BEF05DD7D56E30590EDFD9 . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_1adf940cd544870c\wininet.dll
[-] 2011-11-03 . 02F98B5C0E397AD06124D84428CF8F1A . 1127424 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\wininet.dll
[7] 2011-08-20 . 7570FA3FC82E08FB637E32D2D95DB41D . 981504 . . [8.00.7601.21795] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_1edec43b9074b93e\wininet.dll
[7] 2011-08-20 . DBF24E87CB605A4F6E7424DD86F7A62C . 981504 . . [8.00.7601.17671] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_1e66c620774a7c36\wininet.dll
[7] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.exe" [2011-12-15 436088]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-19 896912]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-07-27 1261512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 606208]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-29 3508624]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2012-01-19 933640]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-07-16 296096]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-6-23 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
"OldEnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecuteREG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification PackagesREG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys [2012-04-18 90624]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 Media Center 17 Service;Media Center 17 Service;c:\program files (x86)\J River\Media Center 17\JRService.exe [2012-05-07 392320]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-05-10 97792]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-05-10 217600]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-14 85224]
R3 PCTSFileEnum;PCTSFileEnum;c:\program files (x86)\PC Tools\DMScanning\PCTSFiles.exe [2012-05-11 89016]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 685672]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-30 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 16152]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys [2011-10-20 157696]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-03-31 141920]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [2011-12-22 818952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-24 236544]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-01-17 164520]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-12-20 341800]
S2 Roozz Updater;Roozz Updater;c:\program files (x86)\Roozz\RoozzUpdater.exe [2012-09-27 393216]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-11-03 134696]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2012-11-27 21568]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 620584]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-20 89640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-13 39976]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-02-18 56160]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 788760]
S3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2000-01-01 10368]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatformREG_MULTI_SZ XLServicePlatform
.
‘計劃任務’ 文件夾裡的內容
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:18]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892454325-3400438884-1050192996-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 13:07]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892454325-3400438884-1050192996-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 13:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MouseDriver"="TiltWheelMouse.exe" [2010-10-31 241152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-09 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-09 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-09 441888]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-11-27 7138816]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.sg/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &E1OA&N﹐A×AeIsIAOO - c:\program files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: &E1OA&N﹐A×IAOO - c:\program files (x86)\Thunder Network\Thunder\BHO\geturl.htm
IE: &E1OA&N﹐A×IAOOE?2?A’?O - c:\program files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: 使用迅雷看看播放器播放 - c:\users\Public\Thunder Network\XMP4\core\program\XmpIEMenu.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{574A8165-F901-4AC7-AD08-ECD917D8F33D}: NameServer = 98.158.112.60 199.127.248.22
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\
FF - ExtSQL: 2012-10-02 21:41; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{4562B511-62E9-4533-B7B2-56A8BB10B482} - c:\program files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(630).dll
Wow6432Node-HKLM-Run-Driver Genius - (no file)
ShellExecuteHooks-{4562B511-62E9-4533-B7B2-56A8BB10B482} - c:\program files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(630).dll
BHO-{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="??捁楴敶?汐杵湩?摮??敗?汐杵湩 v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="??捁楴敶?汐杵湩?摮??敗?汐杵湩 v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他運行進程 ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\System32\TiltWheelMouse.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
完成時間: 2012-11-30 15:03:29 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2012-11-30 07:03
.
Pre-Run: 119,995,895,808 bytes free
Post-Run: 121,107,156,992 bytes free
.
- - End Of File - - 982BCA0FBC70DE652C1E340319560F9A

Jay Pfoutz · Nov 30, 2012

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe.
Click Quick Scan button and let the program run uninterrupted.
It will produce a log for you called OTL.txt, please post it in your next reply.
You may need to use two posts to get it all.

hokokhua · Nov 30, 2012

OTL logfile created on: 1/12/2012 8:58:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

7.70 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 74.73% Memory free
15.39 Gb Paging File | 13.29 Gb Available in Paging File | 86.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 999.90 Gb Total Space | 112.58 Gb Free Space | 11.26% Space Free | Partition Type: NTFS
Drive D: | 863.02 Gb Total Space | 104.46 Gb Free Space | 12.10% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/12/01 08:57:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/09/27 09:40:45 | 000,393,216 | ---- | M] (Roozz) -- C:\Program Files (x86)\Roozz\RoozzUpdater.exe
PRC - [2012/09/19 20:25:46 | 000,896,912 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/16 14:31:26 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/02/27 03:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/12/22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
PRC - [2011/12/16 11:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/12/15 15:55:50 | 000,436,088 | ---- | M] (PPLive Corporation) -- C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/11/29 20:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/11/29 20:58:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/13 18:41:27 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/30 14:57:45 | 000,115,137 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
MOD - [2012/11/23 17:18:10 | 000,088,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2012/11/16 00:56:28 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e3718ece6223593baa31cb00e9780ef7\System.Management.ni.dll
MOD - [2012/11/16 00:55:39 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\de8e0c7dac7ddfbb47bd2fad7a1c2763\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 00:55:34 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a8628a44968950ae1c3ffe3a6f3f60a6\System.Xaml.ni.dll
MOD - [2012/11/15 14:28:24 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cf12ed43759d7a1c04be92cc04bca019\PresentationFramework.ni.dll
MOD - [2012/11/15 14:28:16 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0d21b72c457fa044a1439de961cc4494\PresentationCore.ni.dll
MOD - [2012/11/15 14:28:10 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\71b7fd791db6f544dcf6ba822b52a947\WindowsBase.ni.dll
MOD - [2012/11/15 14:28:09 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\83973b62e21d9cb2255f3511882e8d39\PresentationFramework.Aero.ni.dll
MOD - [2012/11/15 14:24:35 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\092689c884e1797414554c26f165b28b\System.Windows.Forms.ni.dll
MOD - [2012/11/15 14:24:33 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c1c38885c86b2699d66470bae7cf7305\System.Core.ni.dll
MOD - [2012/11/15 14:24:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\f054c2fd2397af924eb5dcd5f3acfc68\System.Xml.ni.dll
MOD - [2012/11/15 14:24:30 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9167adc3041ed7fed384ec3d3e8289fa\System.Drawing.ni.dll
MOD - [2012/11/15 14:24:29 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f1ffda77a89b30adb2a26e08488450e5\System.ni.dll
MOD - [2012/11/15 14:24:25 | 014,417,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6137e81cd213b81085a3a54a956e9262\mscorlib.ni.dll
MOD - [2012/09/17 14:03:55 | 000,419,272 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2012/01/01 16:55:29 | 000,034,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2011/12/15 15:55:46 | 000,426,344 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/12/15 15:55:38 | 000,116,584 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\kernel\FWUpnp.dll
MOD - [2011/11/29 20:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2009/10/13 18:41:27 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/11/27 12:01:09 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012/05/25 01:07:32 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/01/23 22:30:22 | 000,233,328 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
SRV:64bit: - [2011/12/20 10:11:48 | 000,341,800 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/11/28 20:23:30 | 001,084,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/01/17 16:00:50 | 000,164,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2010/08/09 10:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/29 22:18:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/27 19:38:09 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/27 09:40:45 | 000,393,216 | ---- | M] (Roozz) [Auto | Running] -- C:\Program Files (x86)\Roozz\RoozzUpdater.exe -- (Roozz Updater)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/11 11:13:36 | 000,089,016 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\DMScanning\PCTSFiles.exe -- (PCTSFileEnum)
SRV - [2012/05/08 05:45:13 | 000,392,320 | ---- | M] (JRiver, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\J River\Media Center 17\JRService.exe -- (Media Center 17 Service)
SRV - [2011/12/22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)
SRV - [2011/12/16 11:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/27 12:01:06 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/11/27 12:00:56 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/11/27 12:00:55 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/07/30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/05/25 01:27:42 | 011,175,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/05/24 23:54:34 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/05/10 16:33:56 | 000,217,600 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/05/10 16:33:54 | 000,097,792 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/04/18 09:16:50 | 000,090,624 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/31 18:47:18 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/02/27 03:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 03:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 03:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/29 13:37:44 | 000,035,120 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2011/12/06 19:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/03 13:00:48 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/11/03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/10/20 11:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)
DRV:64bit: - [2011/09/20 16:36:24 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/07/06 18:35:40 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/06/23 11:59:28 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/06/23 11:59:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/05/20 22:49:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 14:20:34 | 000,056,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2011/02/14 00:17:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/02/08 11:03:04 | 000,328,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/01/16 00:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/17 06:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 08:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/16 13:45:38 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t_mouse.sys -- (t_mouse.sys)
DRV:64bit: - [2009/03/25 19:44:39 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/08/13 20:51:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2000/01/01 08:00:00 | 000,685,672 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2000/01/01 08:00:00 | 000,010,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 FF C9 66 CA FA CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{254A1BBD-7B84-422A-A2D4-A31AADC7AA06}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=28E5B3B6-29BC-41A0-99A6-550AD5C8CB0E
IE - HKCU\..\SearchScopes\{83439A09-DFC0-4CDC-B834-C0D6CCB638B0}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...1a66c90ef&lang=en&ds=is015&pr=sa&d=2012-05-31 14:36:17&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@Roozz.com/RoozzPlugin: C:\Program Files (x86)\Roozz\nproozz.dll (Roozz.com)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\user\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/16 14:31:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/16 14:31:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 19:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/03 22:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/06 21:34:41 | 000,000,000 | ---D | M]

[2012/09/01 19:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2012/05/21 10:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/21 10:01:30 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/11/23 20:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\extensions
[2012/11/23 20:26:36 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/09/01 19:30:03 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5hgdgsj3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/10/27 19:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 19:38:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/25 10:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 13:35:24 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

hokokhua · Nov 30, 2012

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Thunder DapCtrl NPAPI Plugin (Enabled) = C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.1.(630).dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Roozz plugin (Enabled) = C:\Program Files (x86)\Roozz\nproozz.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Entanglement = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Flash render quality = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbkhhhlbomjpenealmjakmfmlgnbimep\0.10.1.10_1\
CHR - Extension: Plugins = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop\0.7.0_0\
CHR - Extension: Cloud Reader = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Fast save = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjfhdngkcjekoehljnfeabiopefhlla\1.1_0\
CHR - Extension: MaximizeFlash = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljjmflmcnaigbhnheldbdbplkbhngnl\1.1_0\
CHR - Extension: Poppit = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FlashControl = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.0.16_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.9.9_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Fast save = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\olallcgfigihdnkbnklebmdpckbfnjfc\1.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.1_0\

O1 HOSTS File: ([2012/11/30 14:56:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MouseDriver] C:\Windows\SysNative\TiltWheelMouse.exe (Pixart Imaging Inc)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: OldEnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÀëÏßÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm File not found
O8:64bit: - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm File not found
O8:64bit: - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\core\program\XmpIEMenu.htm ()
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÀëÏßÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm File not found
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØ - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm File not found
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\core\program\XmpIEMenu.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53F2BC1E-01F1-4806-B216-8F6AAF184D2D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{574A8165-F901-4AC7-AD08-ECD917D8F33D}: NameServer = 98.158.112.60 199.127.248.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E18089D-8B59-4DEE-85A4-8EED830558C2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {4562B511-62E9-4533-B7B2-56A8BB10B482} - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(630).dll File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/01 08:57:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/11/30 15:03:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/30 14:56:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/30 14:18:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/30 14:18:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/30 14:18:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/30 14:18:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/30 14:17:38 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/11/29 09:23:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.com
[2012/11/27 22:17:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\BCGameTime
[2012/11/27 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Bad Piggies HD 1.1.0 Android Apk
[2012/11/27 20:08:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\What Hi-Fi Sound and Vision Magazine UK December 2012 PDF [RAHMANAT1]
[2012/11/27 13:04:09 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012/11/27 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Broadcom
[2012/11/27 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Bluetooth Exchange Folder
[2012/11/27 12:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012/11/27 12:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/11/27 12:01:34 | 000,035,344 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012/11/27 12:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/11/27 11:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012/11/25 19:55:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012/11/25 19:51:23 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Apps Magazine UK Issue 26, 2012 [azizex666]
[2012/11/25 19:46:41 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\PC Advisor Magazine January 2013 [azizex666]
[2012/11/23 21:43:20 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Newsweek - December 3 2012
[2012/11/23 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Great Dharma Books 7
[2012/11/20 20:03:39 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\The.Hunger.Games.2012.RERIP.720p.Bluray.x264.anoXmous
[2012/11/20 08:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/11/17 11:41:02 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\1600446469_Scienc
[2012/11/11 13:57:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Kindle eBook Converter
[2012/11/11 13:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Kindle eBook Converter
[2012/11/11 13:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kindle Auto eBook Converter
[2012/11/11 13:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DjVu Viewer
[2012/11/11 13:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DjVu Viewer
[2012/11/11 12:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/11/11 09:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/03 20:10:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Octoshape
[2012/11/03 20:10:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Octoshape Streaming Services
[2012/11/03 20:10:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Octoshape
[2012/11/03 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\LeafyVPN
[2012/11/02 18:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung Printers
[2012/11/02 18:00:34 | 000,256,000 | ---- | C] (SEC) -- C:\Windows\SysNative\SIPDUtil.dll
[2012/11/02 18:00:34 | 000,162,096 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvcA.dll
[2012/11/02 18:00:31 | 000,166,704 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvc.exe
[2012/11/02 18:00:31 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\spd__ci.dll
[2012/11/02 18:00:00 | 000,000,000 | ---D | C] -- C:\Windows\twain_64
[2012/11/02 17:57:48 | 000,280,064 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\snWIAMUI.dll

========== Files - Modified Within 30 Days ==========

[2012/12/01 09:00:37 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 09:00:37 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 08:57:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/12/01 08:51:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 08:51:39 | 1904,549,887 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 14:56:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/30 14:46:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/30 14:43:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3892454325-3400438884-1050192996-1000UA.job
[2012/11/30 14:17:58 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/11/29 09:23:42 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.com
[2012/11/29 08:57:33 | 000,480,125 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2012/11/28 21:43:05 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2012/11/28 21:42:24 | 035,693,696 | ---- | M] () -- C:\Users\user\Desktop\Bad Piggies HD-v1.0.0.ipa
[2012/11/28 20:47:16 | 001,785,791 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/11/27 13:40:13 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/27 13:40:13 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/27 13:40:13 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/27 13:04:09 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2012/11/27 12:07:24 | 000,052,984 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2012/11/27 12:04:02 | 000,000,808 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/11/27 12:02:00 | 000,797,534 | ---- | M] () -- C:\Windows\SysNative\oem137.inf
[2012/11/27 12:01:09 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012/11/27 12:01:09 | 000,000,445 | ---- | M] () -- C:\Windows\SysNative\vcredist_x64.bat
[2012/11/27 12:01:05 | 000,000,446 | ---- | M] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012/11/27 12:00:58 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012/11/27 12:00:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012/11/27 11:55:06 | 000,035,499 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/11/27 11:54:41 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/11/25 20:04:59 | 083,505,587 | ---- | M] () -- C:\Users\user\Desktop\Android Magazine - Issue 18, 2012.pdf
[2012/11/25 18:43:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3892454325-3400438884-1050192996-1000Core.job
[2012/11/16 00:38:33 | 000,310,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/13 00:06:49 | 534,763,731 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/11 14:06:19 | 011,066,776 | ---- | M] () -- C:\Users\user\Desktop\k2pdfopt.exe
[2012/11/02 18:05:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/11/30 14:18:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/30 14:18:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/30 14:18:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/30 14:18:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/30 14:18:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/29 08:56:10 | 000,480,125 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2012/11/28 21:43:05 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012/11/27 20:20:33 | 035,693,696 | ---- | C] () -- C:\Users\user\Desktop\Bad Piggies HD-v1.0.0.ipa
[2012/11/27 12:04:46 | 000,054,751 | ---- | C] () -- C:\Windows\SysNative\drivers\BCM20702A1_001.002.014.0337.0348.hex
[2012/11/27 12:04:11 | 000,001,290 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyBits Chat.lnk
[2012/11/27 12:04:02 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/11/27 12:02:09 | 000,797,534 | ---- | C] () -- C:\Windows\SysNative\oem137.inf
[2012/11/27 12:01:36 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012/11/27 12:01:33 | 000,000,446 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012/11/27 12:01:31 | 000,000,445 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat
[2012/11/27 12:00:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012/11/27 11:58:05 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2012/11/27 11:56:25 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
[2012/11/27 11:55:34 | 000,052,984 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/11/27 11:54:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/11/27 11:54:39 | 000,035,499 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/11/25 19:45:11 | 083,505,587 | ---- | C] () -- C:\Users\user\Desktop\Android Magazine - Issue 18, 2012.pdf
[2012/11/15 14:25:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 14:19:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 00:06:49 | 534,763,731 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/11 14:05:39 | 011,066,776 | ---- | C] () -- C:\Users\user\Desktop\k2pdfopt.exe
[2012/11/02 18:00:32 | 000,027,648 | ---- | C] () -- C:\Windows\SysNative\spd__l.dll
[2012/11/02 18:00:31 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\DscPnt.dll
[2012/11/02 18:00:30 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012/11/02 18:00:30 | 000,151,552 | ---- | C] () -- C:\Windows\SysNative\spd__ci.exe
[2012/11/02 18:00:30 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\spd__l.smt
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/07/08 20:26:15 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/06/11 21:10:49 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Roaming\winscp.rnd
[2012/06/10 20:31:45 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/06/10 20:31:42 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/06/10 20:31:42 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/05/31 14:48:51 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/05/31 14:48:51 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/31 14:48:45 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/01/23 20:57:20 | 000,000,025 | ---- | C] () -- C:\Users\user\AppData\Roaming\CoreAVC.ini
[2012/01/06 20:54:10 | 000,012,169 | ---- | C] () -- C:\Users\user\AppData\Roaming\SmarThruOptions.xml
[2011/12/04 09:43:55 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/04 09:43:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/04 09:43:51 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/01 21:25:13 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2011/12/01 07:23:33 | 000,019,968 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/30 21:53:34 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
[2011/11/30 21:04:32 | 000,021,005 | ---- | C] () -- C:\Windows\SysWow64\w3qmh.dll
[2011/11/30 20:58:12 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/11/30 20:57:54 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2011/11/30 20:57:46 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2011/11/30 20:57:44 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2011/11/30 20:56:20 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe
[2011/11/30 20:51:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\desktop.in0
[2012/07/08 20:04:04 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/17 19:19:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acronis
[2012/05/12 15:23:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2012/11/27 22:17:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BCGameTime
[2012/06/11 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\calibre
[2012/08/10 16:39:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DiskAid
[2011/12/25 00:04:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2012/06/10 20:10:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\driveridentifier
[2012/01/06 21:36:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESET
[2012/07/11 10:24:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\f-secure
[2012/11/02 11:16:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\foobar2000
[2012/04/06 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HandBrake
[2012/01/01 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit
[2012/05/09 20:00:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\J River
[2012/03/24 13:58:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leawo
[2012/02/05 11:54:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mkvtoolnix
[2012/11/30 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mp3tag
[2012/05/11 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nitro PDF
[2012/11/03 20:10:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Octoshape
[2011/12/01 20:55:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Philipp Winterberg
[2012/11/27 22:27:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PPLive
[2011/12/31 19:44:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PPStream
[2012/10/22 06:56:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\redsn0w
[2012/03/24 15:03:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2012/07/08 18:48:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Simply Super Software
[2011/11/30 22:43:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Stardock
[2012/05/31 18:59:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SystemRequirementsLab
[2011/11/30 22:51:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeraCopy
[2012/07/08 20:23:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TestApp
[2012/03/24 13:59:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\tiger-k
[2012/12/01 09:12:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012/08/28 14:51:19 | 000,043,839 | ---- | M] ()(C:\Users\user\Desktop\中?字?1.xlsx) -- C:\Users\user\Desktop\中华字经1.xlsx
[2012/08/06 10:31:46 | 000,043,839 | ---- | C] ()(C:\Users\user\Desktop\中?字?1.xlsx) -- C:\Users\user\Desktop\中华字经1.xlsx
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

< End of report >

hokokhua · Nov 30, 2012

OTL Extras logfile created on: 1/12/2012 8:58:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

7.70 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 74.73% Memory free
15.39 Gb Paging File | 13.29 Gb Available in Paging File | 86.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 999.90 Gb Total Space | 112.58 Gb Free Space | 11.26% Space Free | Partition Type: NTFS
Drive D: | 863.02 Gb Total Space | 104.46 Gb Free Space | 12.10% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{61367282-B091-4F1B-99AC-7A20DDF7F8B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95E4B182-5E42-489D-BE06-D9A40A97DBC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0331DDC5-818C-4BE8-B056-0475E3B7C6A6}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{05EDFD83-3249-4D43-9C8C-858D495CD431}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\chess.exe |
"{09A152D1-0E63-4DF1-A126-95EAD33DE5D2}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{0FF2FF0D-DE4C-4616-9AB2-59B77CEF9091}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1622EA20-9427-45DB-B61A-99CEAB3A949B}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\tictactoe.exe |
"{20FB2A99-64AC-4520-888E-C94D1FEF7319}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\checkers.exe |
"{353B38F3-320B-4650-9820-6DFA814D54C7}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\backgammon.exe |
"{385E766B-C407-4BA4-9E80-6688246D3E91}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74FFF4DC-5DCE-42FB-825D-5B974C4CFACF}" = protocol=58 | dir=in | app=system |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D81EC01-A643-46E6-971D-06767DC40ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A98F82F9-57BC-4FF6-95B8-919085D89305}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B1E89BB0-F1D3-40FD-861C-241847CFD538}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{BA16D8A7-F6F2-4864-AAFC-3521068C1CAA}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E4E069B0-087C-4B1A-BDD4-694D19E90CE4}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ECD9E32E-679A-4AEF-BA08-A094317D5A34}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\seabattle.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1B357E6-9A8D-44DC-A477-8BD729253BF9}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\easychat.exe |
"{F4EFCE12-E19C-463B-8F74-713C64F91B69}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F6EAB9F5-3202-4E60-97EA-C42111A5EDE5}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2D495718-D6F9-4CF2-B739-CFFFD03A5ED7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{79804B05-B074-40DE-B9B8-F5BB0F708C2F}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"TCP Query User{7B4C5762-3661-43A8-B85D-A761BA27BABE}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
"TCP Query User{AF60584B-974A-432D-88BB-964BA5A2296F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{B8AD0133-913B-437B-9364-CA9BA0FE9953}C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{D0B7B5FB-263B-4D42-9A38-EFEDF76A0F4D}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"TCP Query User{D65AADBC-1C5F-4D3E-A5F5-9A588E8FB9B2}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.122_1111\thunderplatform.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.122_1111\thunderplatform.exe |
"UDP Query User{3321E8B5-2FB8-4659-ABA7-86B23A142CFB}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{632DB705-31DC-421C-A6F7-66320EDD92C5}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
"UDP Query User{907608D4-0D51-4B41-9A62-5EC3E0D3EC70}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{937E6093-470A-4478-B82F-F0B4C93513F7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{E4207C10-4EFB-4E34-B06B-9AC99FE029CA}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{ECC1D7AD-5A96-449C-A0F9-4B3312B30266}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.122_1111\thunderplatform.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.122_1111\thunderplatform.exe |
"UDP Query User{EE21A99E-A23C-4B91-AF86-FC11080B478B}C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |

hokokhua · Nov 30, 2012

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5586CBEA-C071-4616-B809-6E11815D2190}" = ESET Smart Security
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{645AE9CF-AF1B-4FBB-9B9D-17A23D03AF10}" = Intel(R) Network Connections 16.1.53.0
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = WIDCOMM Bluetooth Software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DE6C496B-D0E2-4906-83F2-7C7493B7DD04}" = Nitro Reader 2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CutePDF Writer Installation" = CutePDF Writer 2.8
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"MediaInfo" = MediaInfo 0.7.53
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel(R) Network Connections 16.1.53.0
"TeraCopy_is1" = TeraCopy 2.27

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr.Printer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater
"{3A959BCB-643A-462F-A692-5B7FE4CE35AC}_is1" = DjVu Viewer version 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{D14F064B-F549-462F-BABD-857830FEA0B6}_is1" = PC Tools on-the-fly Scanner 9.0
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F1100000-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F656270D-66A6-41D9-828A-436EE0228D3B}" = calibre
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Digital Editions" = Adobe Digital Editions
"DiskAid_is1" = DiskAid 5.31
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Everything" = Everything 1.2.1.371
"Fences" = Fences
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.1.9
"FormatFactory" = FormatFactory 3.0.1
"Free RAR Extract Frog" = Free RAR Extract Frog
"HandBrake" = HandBrake 0.9.6
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Kindle Auto eBook Converter" = Kindle Auto eBook Converter 0.4.50
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.0
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Media Center 17" = Media Center 17
"MKVToolNix" = MKVToolNix 5.2.1
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"pdfsam" = pdfsam
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"Roozz plugin_is1" = Roozz plugin 2.9.8
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"Smart Defrag 2_is1" = Smart Defrag 2
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WheelMouse" = Advanced Wheel Mouse 6.0.0.011
"winscp3_is1" = WinSCP 4.3.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/7/2012 8:49:37 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program uTorrent.exe version 3.1.3.27220 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 640 Start
Time: 01cd5d0631d34a06 Termination Time: 7 Application Path: C:\Program Files (x86)\uTorrent\uTorrent.exe
Report
Id: 5d234e24-c8fb-11e1-a5bd-1c6f65c9515d

Error - 8/7/2012 9:01:16 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program uTorrent.exe version 3.1.3.27220 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1938 Start
Time: 01cd5d0822c798b8 Termination Time: 7 Application Path: C:\Program Files (x86)\uTorrent\uTorrent.exe
Report
Id: fe7989f1-c8fc-11e1-a5bd-1c6f65c9515d

Error - 8/7/2012 8:38:32 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/7/2012 1:41:36 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ekrn.exe, version: 5.0.94.0, time stamp:
0x4e7b0032 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00c534e4 Faulting process id: 0x870 Faulting application
start time: 0x01cd5d7a166706c0 Faulting application path: C:\Program Files\ESET\ESET
NOD32 Antivirus\x86\ekrn.exe Faulting module path: unknown Report Id: bf250da5-c988-11e1-be36-1c6f65c9515d

Error - 9/7/2012 10:37:50 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 20.0.1132.47 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f14 Start
Time: 01cd5de049ea790d Termination Time: 5 Application Path: C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Report
Id: 9e7941cc-c9d3-11e1-a1f4-1c6f65c9515d

Error - 9/7/2012 11:37:45 PM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 20.0.1132.47 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: df8 Start
Time: 01cd5e49f542c767 Termination Time: 5 Application Path: C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Report
Id: 94e841bb-ca40-11e1-aa8e-1c6f65c9515d

Error - 9/7/2012 11:56:24 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 13/7/2012 10:19:10 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WDFME.exe, version: 1.4.5.2, time stamp:
0x4d77d26b Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp:
0x4dace5b9 Exception code: 0xc0000417 Fault offset: 0x0006ccd5 Faulting process id:
0xacc Faulting application start time: 0x01cd616532fecb90 Faulting application path:
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: 4b885c9a-cd5a-11e1-a10f-1c6f65c9515d

Error - 15/7/2012 12:01:35 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/7/2012 9:48:59 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 30/11/2012 2:10:41 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 30/11/2012 2:38:27 AM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 30/11/2012 2:38:47 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 30/11/2012 2:52:01 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 30/11/2012 2:53:40 AM | Computer Name = user-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 30/11/2012 2:54:55 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 30/11/2012 2:55:36 AM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 30/11/2012 2:55:54 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 30/11/2012 8:51:30 PM | Computer Name = user-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 30/11/2012 8:51:51 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

< End of report >

Jay Pfoutz · Dec 1, 2012

OTL Fix

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:OTL
IE - HKCU\..\SearchScopes\{254A1BBD-7B84-422A-A2D4-A31AADC7AA06}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=28E5B3B6-29BC-41A0-99A6-550AD5C8CB0E
IE - HKCU\..\SearchScopes\{83439A09-DFC0-4CDC-B834-C0D6CCB638B0}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
[2012/05/21 10:01:30 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
O2:64bit: - BHO: (no name) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No CLSID value found.
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)

:files
ipconfig /flushdns /c

:commands
[emptytemp]
[reboot]

Click to expand...
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
Click Start or wait for the scanner to load.
Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, there are a couple of things to keep in mind:
1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
Open the logfile from wherever you saved it
Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

Slow computer
Error messages
Fake antivirus alerts or the icon in the system tray
svchost.exe running at 100%
System crashes or blue screen of death

hokokhua · Dec 1, 2012

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{254A1BBD-7B84-422A-A2D4-A31AADC7AA06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254A1BBD-7B84-422A-A2D4-A31AADC7AA06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83439A09-DFC0-4CDC-B834-C0D6CCB638B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83439A09-DFC0-4CDC-B834-C0D6CCB638B0}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PlayOnHD
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 546228 bytes
->Temporary Internet Files folder emptied: 30383304 bytes
->Java cache emptied: 204269 bytes
->FireFox cache emptied: 305007611 bytes
->Google Chrome cache emptied: 217481395 bytes
->Flash cache emptied: 68163 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2566030 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 840410915 bytes

Total Files Cleaned = 1,332.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12022012_114902

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

hokokhua · Dec 2, 2012

Hi there,

ran the eset online and there was no threat found. but the easybits programs are still there.

thanks!

Jay Pfoutz · Dec 2, 2012

SystemLook x64 scan

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
*easybit*

:folderfind
*easybit*

:regfind
easybit

Click to expand...
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

hokokhua · Dec 2, 2012

SystemLook 30.07.11 by jpshortstuff
Log created at 07:43 on 03/12/2012 by user
Administrator - Elevation successful
========== filefind ==========
Searching for "*easybit*"
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C5094D21049946CC8CCB397AAB28817A\EasyBits Tic-Tac-Toe.swf--a---- 113098 bytes[08:52 19/01/2011][08:52 19/01/2011] 323895ECC8216F539B64F0CF8BA885ED
========== folderfind ==========
Searching for "*easybit*"
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Gamesd------[04:03 27/11/2012]
========== regfind ==========
Searching for "easybit"
[HKEY_CURRENT_USER\Software\EasyBits]
[HKEY_CURRENT_USER\Software\EasyBits\BCGameTime]
"Plugins Root"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\0\win32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\HELPDIR]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4D07B6E4-681E-436A-9471-CEDD4FFF4BDA}\InprocServer32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A2D99BA-A1DD-4841-93F7-89B43D089B87}\InprocServer32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95105DA3-7251-4CD4-83D8-00253EC1CF71}\InprocServer32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFF50E68-96C2-4CF9-B73F-817CA253EF7F}\InprocServer32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C057D776-076E-4C22-A33F-20242B43AC0A}\InprocServer32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\0\win32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\HELPDIR]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
"ConfigApplicationPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
"ConfigGDFBinaryPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
"AppExePath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
"Title"="EasyBits Chess (Multiplayer)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
"Description"="EasyBits Chess (Multiplayer)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
"ConfigApplicationPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
"ConfigGDFBinaryPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
"AppExePath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
"Title"="EasyBits Backgammon (Multiplayer)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
"Description"="EasyBits Backgammon (Multiplayer)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
"ConfigApplicationPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
"ConfigGDFBinaryPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
"AppExePath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
"Title"="EasyBits Checkers (Multiplayer)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
"Description"="EasyBits Checkers (Multiplayer)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
"ConfigApplicationPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
"ConfigGDFBinaryPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
"AppExePath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
"Title"="EasyBits Sea Battle (Multiplayer)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
"Description"="EasyBits Sea Battle (Multiplayer)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
"ConfigApplicationPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
"ConfigGDFBinaryPath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
"AppExePath"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
"Title"="EasyBits Tic-Tac-Toe (Multiplayer)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
"Description"="EasyBits Tic-Tac-Toe (Multiplayer)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\MLS\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\7FF10FD1D9E1467181402A0155363CB2\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1\fight\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C5094D21049946CC8CCB397AAB28817A\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C7D94334204347AEBB0F776ED21C7F29\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\EB659AD2FCC647F38E82982293E1663C\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FA929D6CBDF5424B95B5E6B943CA32B]
"3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C5094D21049946CC8CCB397AAB28817A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51496F2F7A5D27E4EB7F93B29A21B6B3]
"3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\7FF10FD1D9E1467181402A0155363CB2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DE67C4B38391904C895CFC9ED55DFAC]
"3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\MLS\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8165063A35FEC504FB56DB38BB48FAE5]
"3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\EB659AD2FCC647F38E82982293E1663C\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98EDF2F1586B6AE41860027FF2C17CCB]
"3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C7D94334204347AEBB0F776ED21C7F29\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B7A9F86F966BEE5498EFC0D4F353A2CD]
"3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEF07E12D8FD98F4BBE92C1A361A56C1]
"3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D31E2468C7EB7644D84423C5FBC4DE67]
"3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D93809629264C6A46AD4C4ACEA269F00]
"3AC4F7E6ED2BC3147A1A34AAB51EE91A"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1\fight\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4D07B6E4-681E-436A-9471-CEDD4FFF4BDA}\InprocServer32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A2D99BA-A1DD-4841-93F7-89B43D089B87}\InprocServer32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95105DA3-7251-4CD4-83D8-00253EC1CF71}\InprocServer32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BFF50E68-96C2-4CF9-B73F-817CA253EF7F}\InprocServer32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C057D776-076E-4C22-A33F-20242B43AC0A}\InprocServer32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\0\win32]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\ezGameXNBC.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\1.0\HELPDIR]
@="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{353B38F3-320B-4650-9820-6DFA814D54C7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe|Name=Backgammon|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20FB2A99-64AC-4520-888E-C94D1FEF7319}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe|Name=Checkers|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EDFD83-3249-4D43-9C8C-858D495CD431}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe|Name=Chess|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1B357E6-9A8D-44DC-A477-8BD729253BF9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\EasyChat.exe|Name=EasyChat|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ECD9E32E-679A-4AEF-BA08-A094317D5A34}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe|Name=SeaBattle|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1622EA20-9427-45DB-B61A-99CEAB3A949B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe|Name=TicTacToe|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{353B38F3-320B-4650-9820-6DFA814D54C7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe|Name=Backgammon|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20FB2A99-64AC-4520-888E-C94D1FEF7319}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe|Name=Checkers|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EDFD83-3249-4D43-9C8C-858D495CD431}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe|Name=Chess|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1B357E6-9A8D-44DC-A477-8BD729253BF9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\EasyChat.exe|Name=EasyChat|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ECD9E32E-679A-4AEF-BA08-A094317D5A34}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe|Name=SeaBattle|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1622EA20-9427-45DB-B61A-99CEAB3A949B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe|Name=TicTacToe|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{353B38F3-320B-4650-9820-6DFA814D54C7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe|Name=Backgammon|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20FB2A99-64AC-4520-888E-C94D1FEF7319}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe|Name=Checkers|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EDFD83-3249-4D43-9C8C-858D495CD431}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe|Name=Chess|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1B357E6-9A8D-44DC-A477-8BD729253BF9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\EasyChat.exe|Name=EasyChat|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ECD9E32E-679A-4AEF-BA08-A094317D5A34}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe|Name=SeaBattle|Edge=TRUE|Defer=App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1622EA20-9427-45DB-B61A-99CEAB3A949B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe|Name=TicTacToe|Edge=TRUE|Defer=App|"
[HKEY_USERS\S-1-5-21-3892454325-3400438884-1050192996-1000\Software\EasyBits]
[HKEY_USERS\S-1-5-21-3892454325-3400438884-1050192996-1000\Software\EasyBits\BCGameTime]
"Plugins Root"="C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games"
-= EOF =-

Jay Pfoutz · Dec 3, 2012

OTL Fix

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:files
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games

:reg
[-HKEY_CURRENT_USER\Software\EasyBits]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4D07B6E4-681E-436A-9471-CEDD4FFF4BDA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A2D99BA-A1DD-4841-93F7-89B43D089B87}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95105DA3-7251-4CD4-83D8-00253EC1CF71}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFF50E68-96C2-4CF9-B73F-817CA253EF7F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C057D776-076E-4C22-A33F-20242B43AC0A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\"=-
[-HKEY_USERS\S-1-5-21-3892454325-3400438884-1050192996-1000\Software\EasyBits]

:commands
[emptytemp]
[reboot]

Click to expand...
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Let me know if EasyBits issue is gone.

hokokhua · Dec 3, 2012

All processes killed
========== FILES ==========
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\MLS folder moved successfully.
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\EB659AD2FCC647F38E82982293E1663C folder moved successfully.
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C7D94334204347AEBB0F776ED21C7F29 folder moved successfully.
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\C5094D21049946CC8CCB397AAB28817A folder moved successfully.
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1\fight folder moved successfully.
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\ABC0C93967AD43098E0382FD5EA9DFE1 folder moved successfully.
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games\7FF10FD1D9E1467181402A0155363CB2 folder moved successfully.
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Games folder moved successfully.
C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\EasyBits\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285417A7-D46C-4E79-AEB7-990F807FEC76}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4D07B6E4-681E-436A-9471-CEDD4FFF4BDA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D07B6E4-681E-436A-9471-CEDD4FFF4BDA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A2D99BA-A1DD-4841-93F7-89B43D089B87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A2D99BA-A1DD-4841-93F7-89B43D089B87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95105DA3-7251-4CD4-83D8-00253EC1CF71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95105DA3-7251-4CD4-83D8-00253EC1CF71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFF50E68-96C2-4CF9-B73F-817CA253EF7F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF50E68-96C2-4CF9-B73F-817CA253EF7F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C057D776-076E-4C22-A33F-20242B43AC0A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C057D776-076E-4C22-A33F-20242B43AC0A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{285417A7-D46C-4E79-AEB7-990F807FEC76}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285417A7-D46C-4E79-AEB7-990F807FEC76}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A64B37D-6771-4868-A0C2-4A634F24DCF8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4B750581-9399-4982-9DE9-9FF5C980C4B6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B750581-9399-4982-9DE9-9FF5C980C4B6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE9D2AD-2714-40F4-9D4B-837C4F52D19D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B94B64E-BA5D-497E-B46D-E455C52F95FA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D01F4D0F-D9EA-4E14-9DFF-EF04FB915943}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_USERS\S-1-5-21-3892454325-3400438884-1050192996-1000\Software\EasyBits\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PlayOnHD
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 133281 bytes
->Temporary Internet Files folder emptied: 23939944 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 274144710 bytes
->Flash cache emptied: 1308 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4726 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2357746 bytes

Total Files Cleaned = 287.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12042012_090347
Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

hokokhua · Dec 3, 2012

Hey DMJ,
Thanks! The Easybit files are gone. Incidentally, are you able to tell how I got infected so I'd more carefully in future.

Paul

Jay Pfoutz · Dec 4, 2012

You had some adware, which can happen through a variety of events. Mostly, adware gets installed by first installing other programs, then the adware was attached. Usually this happens when you use download sites, off-sites for the specific download, or actually downloading adware itself (unsuspectingly).

I'd be happy to give recommendations, but we need to finish up first and I need info from Security Check tool, so I can help your computer get protected, as well.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

Go to Control Panel and select System and Maintenance
Select System
On the left select Advance System Settings and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name I.e. Clean
Select Create

Now we can purge the infected ones

Go back to the System and Maintenance page
Select Performance Information and Tools
On the left select Open Disk Cleanup
Select Files from all users and accept the warning if you get one
In the drop down box select your main drive I.e. C
For a few moments the system will make some calculations:
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

Double-click the CCleaner shortcut on the desktop to start the program.
A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

hokokhua · Dec 5, 2012

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Smart Security 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Jay Pfoutz · Dec 5, 2012

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems

Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Firefox update

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > About Firefox > Check for Updates.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?

Solved EasyBits malware

Posts: 40 +0

Posts: 4,279 +49

Posts: 40 +0

Posts: 40 +0

Posts: 40 +0

Posts: 40 +0

Posts: 4,279 +49

Posts: 40 +0

Posts: 40 +0

Posts: 4,279 +49

Posts: 40 +0

Posts: 40 +0

Posts: 40 +0

Posts: 40 +0

Posts: 4,279 +49

Posts: 40 +0

Posts: 40 +0

Posts: 4,279 +49

Posts: 40 +0

Posts: 4,279 +49

Posts: 40 +0

Posts: 40 +0

Posts: 4,279 +49

Posts: 40 +0

Posts: 4,279 +49

Similar threads