Solved Trojan Sirefef needs eliminating

[Bobbye]

Nathan, I am deleting https://www.techspot.com/community/topics/help-should-i-restart-my-computer.180030/
Please wait for Broni to help you.

 

[Broni]

That's because you didn't read my instructions carefully:

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

 

[Broni]

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
bkasepa
bizvasmp
bfeazglf
bcykqxnd
anrxzaes
anfrxscr
algpxihc
fyqgcqy
fvemleed
feskqxkv
eudmlcgx
ejswrmjj
efctuwcc
echtgppb
dobsrzzr
doavittn
dgxwxhoi
dfjlravi
cvoosfih
crogquxg
crlwsgkt
cqumwyqr
cnivisli
cnbqyxod
cmfxxesp
clrpisck
cleqxnfr
bynjmlee
bkasepal
jgubkche
irubozzj
irqarmaw
iqbjmgih
inzhyahc
iiiribdp
hspvpogo
hcaktcpj
hbxpeivb
gyzsnjch
gmwhdabk
glewgrop
gimxcwch
gaiyrthq
fyqgcqyx
mjjbyqg
mcaayfmg
lqotftju
lkqtjhjr
lhhjelll
ldkoqbcv
kiosgusv
kdcouwvd
jnlvhsra
jjxcyfpq
oyqbyjxp
oxmyyngw
osbtqxyg
oostygzp
omnfwvux
ojvnitvc
ohtgvpls
oentpmve
odrjidqo
nmlxqhad
nglygumz
nghkpaca
ndxkqvho
ndjpqrgg
mzmslejl
myhxbxgn
mjzygdsh
mjjbyqgs
tpiwwocw
tmyeytbk
tgvfsljd
srkqcgyr
spzwunjo
rzgttibq
rwtlydmu
ruvxtwxa
rtvimyen
rpkkgjox
qmhwivaz
qhyymwib
qdyrljwa
pxctjdxj
pugrpfks
prhcxhri
yaoqwpdl
xjnzyttd
xcnkzzti
xaaszano
wvsyfnkj
wolwliit
wluefyoa
wlryfvmn
wiqcqshl
wayrjbij
vmskvhis
uywyvisi
uvyxiehq
uqgovcpe

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[NathanC]

Sorry about that reboot!!! I must be more careful....

ComboFix 12-04-17.01 - Cheung 19/04/2012 9:50.4.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.1431 [GMT 8:00]
Running from: c:\users\Cheung\Desktop\ComboFix2.exe
Command switches used :: c:\users\Cheung\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cheung\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_algpxihc
-------\Service_anfrxscr
-------\Service_anrxzaes
-------\Service_bcykqxnd
-------\Service_bfeazglf
-------\Service_bizvasmp
-------\Service_bkasepal
-------\Service_bynjmlee
-------\Service_cleqxnfr
-------\Service_clrpisck
-------\Service_cmfxxesp
-------\Service_cnbqyxod
-------\Service_cnivisli
-------\Service_cqumwyqr
-------\Service_crlwsgkt
-------\Service_crogquxg
-------\Service_cvoosfih
-------\Service_dfjlravi
-------\Service_dgxwxhoi
-------\Service_doavittn
-------\Service_dobsrzzr
-------\Service_echtgppb
-------\Service_efctuwcc
-------\Service_ejswrmjj
-------\Service_eudmlcgx
-------\Service_feskqxkv
-------\Service_fvemleed
-------\Service_fyqgcqyx
-------\Service_gaiyrthq
-------\Service_gimxcwch
-------\Service_glewgrop
-------\Service_gmwhdabk
-------\Service_gyzsnjch
-------\Service_hbxpeivb
-------\Service_hcaktcpj
-------\Service_hspvpogo
-------\Service_iiiribdp
-------\Service_inzhyahc
-------\Service_iqbjmgih
-------\Service_irqarmaw
-------\Service_irubozzj
-------\Service_jgubkche
-------\Service_jjxcyfpq
-------\Service_jnlvhsra
-------\Service_kdcouwvd
-------\Service_kiosgusv
-------\Service_ldkoqbcv
-------\Service_lhhjelll
-------\Service_lkqtjhjr
-------\Service_lqotftju
-------\Service_mcaayfmg
-------\Service_mjjbyqgs
-------\Service_mjzygdsh
-------\Service_myhxbxgn
-------\Service_mzmslejl
-------\Service_ndjpqrgg
-------\Service_ndxkqvho
-------\Service_nghkpaca
-------\Service_nglygumz
-------\Service_nmlxqhad
-------\Service_odrjidqo
-------\Service_oentpmve
-------\Service_ohtgvpls
-------\Service_ojvnitvc
-------\Service_omnfwvux
-------\Service_oostygzp
-------\Service_osbtqxyg
-------\Service_oxmyyngw
-------\Service_oyqbyjxp
-------\Service_prhcxhri
-------\Service_pugrpfks
-------\Service_pxctjdxj
-------\Service_qdyrljwa
-------\Service_qhyymwib
-------\Service_qmhwivaz
-------\Service_rpkkgjox
-------\Service_rtvimyen
-------\Service_ruvxtwxa
-------\Service_rwtlydmu
-------\Service_rzgttibq
-------\Service_spzwunjo
-------\Service_srkqcgyr
-------\Service_tgvfsljd
-------\Service_tmyeytbk
-------\Service_tpiwwocw
-------\Service_uqgovcpe
-------\Service_uvyxiehq
-------\Service_uywyvisi
-------\Service_vmskvhis
-------\Service_wayrjbij
-------\Service_wiqcqshl
-------\Service_wlryfvmn
-------\Service_wluefyoa
-------\Service_wolwliit
-------\Service_wvsyfnkj
-------\Service_xaaszano
-------\Service_xcnkzzti
-------\Service_xjnzyttd
-------\Service_yaoqwpdl
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-19 02:01 . 2012-04-19 02:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-19 02:01 . 2012-04-19 02:01 -------- d-----w- c:\users\Dropbox2\AppData\Local\temp
2012-04-19 02:01 . 2012-04-19 02:01 -------- d-----w- c:\users\Dropbox1\AppData\Local\temp
2012-04-19 02:01 . 2012-04-19 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 16:16 . 2012-04-19 02:03 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBD91FD9-A8A2-4FD5-911B-6B438F29DA61}\offreg.dll
2012-04-18 15:05 . 2012-04-18 15:05 -------- d-----w- c:\windows\en
2012-04-18 14:57 . 2012-03-08 10:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-18 14:47 . 2012-04-18 14:47 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-18 14:32 . 2012-04-18 14:32 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\1c79d1751cd1d7003\bingbarsetup.exe
2012-04-18 14:31 . 2012-04-18 14:31 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\f09755031cd1d6f02\MeshBetaRemover.exe
2012-04-18 14:31 . 2012-04-18 14:31 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebdbcdc31cd1d6f01\DXSETUP.exe
2012-04-18 14:31 . 2012-04-18 14:31 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebdbcdc31cd1d6f01\DSETUP.dll
2012-04-18 14:31 . 2012-04-18 14:31 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebdbcdc31cd1d6f01\dsetup32.dll
2012-04-18 14:21 . 2012-04-18 14:21 -------- d-----w- c:\program files\Evernote
2012-04-18 13:12 . 2012-04-18 13:12 -------- d-----w- c:\program files\Common Files\xing shared
2012-04-18 13:10 . 2012-04-18 13:10 -------- d-----w- c:\program files\Foxit Software
2012-04-18 09:56 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBD91FD9-A8A2-4FD5-911B-6B438F29DA61}\mpengine.dll
2012-04-18 08:25 . 2012-04-18 08:25 -------- d-----w- c:\users\Cheung\AppData\Roaming\SkypePM
2012-04-18 01:02 . 2012-04-18 03:00 -------- d-----w- C:\ComboFix
2012-04-17 12:42 . 2012-04-17 12:42 -------- d-----w- c:\program files\Common Files\Java
2012-04-17 12:42 . 2012-04-17 12:42 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-17 12:30 . 2012-04-17 12:30 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-17 12:30 . 2012-04-17 12:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-04-17 03:05 . 2012-04-17 03:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 08:00 . 2012-04-16 08:00 -------- d-----w- c:\program files\FileHippo.com
2012-04-14 10:08 . 2012-04-14 10:08 -------- d-----w- c:\users\Cheung\AppData\Local\adaware
2012-04-14 10:08 . 2012-04-14 10:08 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-14 10:07 . 2011-04-05 09:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-14 10:07 . 2011-04-05 09:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-14 10:07 . 2011-04-05 09:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-14 10:07 . 2011-02-08 01:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-14 10:07 . 2012-04-14 10:07 -------- d-----w- c:\programdata\Lavasoft
2012-04-14 10:07 . 2012-04-18 09:49 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-14 10:04 . 2012-04-16 09:24 -------- d-----w- c:\users\Cheung\AppData\Roaming\Ad-Aware Antivirus
2012-04-13 16:34 . 2010-11-26 10:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-13 16:34 . 2012-04-13 16:34 -------- d-----w- c:\program files\IObit
2012-04-13 16:29 . 2012-04-13 16:29 -------- d-----w- c:\program files\OpenDrive
2012-04-12 09:08 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 09:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 09:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:04 . 2012-04-11 08:04 -------- d--h--w- c:\windows\AxInstSV
2012-04-11 07:39 . 2012-04-12 09:05 -------- d-----w- c:\users\DB
2012-04-04 04:16 . 2012-04-04 04:17 -------- d-----w- c:\program files\Megacloud
2012-04-04 04:08 . 2012-04-04 04:09 -------- d-----w- c:\program files\Spectromancer
2012-04-04 03:29 . 2012-04-04 03:29 -------- d-----w- c:\users\Cheung\AppData\Local\OpenDrive
2012-04-03 09:20 . 2012-04-19 06:11 -------- d-----w- c:\users\Cheung\AppData\Roaming\Fiabee
2012-04-03 09:19 . 2012-04-03 09:19 -------- d-----w- c:\program files\Tuso
2012-03-26 08:13 . 2012-03-26 08:13 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-03-26 07:56 . 2012-04-19 01:36 -------- d-----w- c:\users\Cheung\.gstreamer-0.10
2012-03-26 07:48 . 2012-03-26 07:48 -------- d-----w- c:\programdata\Motorola Media Link
2012-03-26 07:48 . 2012-03-26 07:48 -------- d-----w- c:\program files\Motorola Mobility
2012-03-26 07:45 . 2012-04-19 06:11 -------- d-----w- c:\users\Cheung\AppData\Roaming\MotoCast
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-22 15:06 . 2006-09-12 04:46 227328 --sha-r- c:\windows\system32\ac3DX.ax
2012-03-22 15:06 . 2006-08-16 07:53 175104 --sha-r- c:\windows\system32\CoreAAC.ax
2012-03-22 15:06 . 2006-01-12 16:23 123904 --sha-r- c:\windows\system32\AVCDX.ax
2012-03-22 15:06 . 2005-02-22 09:55 81920 --sha-r- c:\windows\system32\aac_parser.ax
2012-03-22 15:06 . 2005-01-17 16:26 179200 --sha-r- c:\windows\system32\DiracSplitter.ax
2012-03-22 15:06 . 2003-12-07 00:59 97280 --sha-r- c:\windows\system32\FLACDX.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 12:43 . 2011-06-26 00:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 12:42 . 2011-06-24 23:18 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-17 03:08 . 2011-06-25 11:43 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-16 01:48 . 2012-03-16 01:48 1734368 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
2012-03-14 02:15 . 2011-06-25 03:24 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-08 10:50 . 2012-03-08 10:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 10:37 . 2012-03-08 10:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 05:37 . 2012-04-12 09:08 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:29 . 2012-04-12 09:08 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:11 . 2012-04-12 09:19 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-17 05:34 . 2012-03-14 13:14 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-14 13:14 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 13:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 13:14 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 04:09 . 2012-02-14 04:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 09:40 . 2012-02-10 09:41 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20863C96-A9D1-4B85-BB1A-D10691BC006B}\gapaengine.dll
2012-02-10 05:38 . 2012-03-14 13:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-09 14:43 . 2012-02-09 14:43 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-09 14:43 . 2012-02-09 14:43 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-09 14:43 . 2012-02-09 14:43 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-09 14:43 . 2012-02-09 14:43 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-09 14:43 . 2012-02-09 14:43 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-09 14:43 . 2012-02-09 14:43 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-09 14:43 . 2012-02-09 14:43 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-09 14:43 . 2012-02-09 14:43 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-09 14:43 . 2012-02-09 14:43 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-09 14:43 . 2012-02-09 14:43 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-09 14:43 . 2011-02-22 18:57 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-09 14:43 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-03 03:54 . 2012-03-14 13:19 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-06-24 09:19 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:58 . 2012-01-25 05:58 23808 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
2012-01-25 05:57 . 2012-01-25 05:57 24192 ----a-w- c:\windows\system32\drivers\motmodem.sys
2012-01-25 05:57 . 2012-01-25 05:57 8448 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2012-01-25 05:57 . 2012-01-25 05:57 20864 ----a-w- c:\windows\system32\drivers\motccgp.sys
2012-01-25 05:32 . 2012-03-14 13:13 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 13:13 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 13:13 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2006-05-03 03:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 04:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 06:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 16:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AEC5D7C-9BA0-4A13-AB5D-244E4276FC09}]
2012-01-28 06:44 760136 ----a-w- c:\windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-05-09 08:49 176936 ----a-w- c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1B5498A8-C09C-43DD-89FC-67803840387E}"= "c:\windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll" [2012-01-28 760136]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
"{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "c:\program files\GoBox\gobox.dll" [2012-03-02 311296]
.
[HKEY_CLASSES_ROOT\clsid\{1b5498a8-c09c-43dd-89fc-67803840387e}]
[HKEY_CLASSES_ROOT\PrimaDeskPlugin.PrimadeskToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{FC7DF02D-B3FD-440D-B35C-EF63E4EEFB23}]
[HKEY_CLASSES_ROOT\PrimaDeskPlugin.Primadesk]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2011-05-09 176936]
"{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "c:\program files\GoBox\gobox.dll" [2012-03-02 311296]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{B6A6A745-D1AA-4281-A47C-E49EE5EC32D2}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSOComplete]
@="{F0DEA1E7-0A07-490d-A2F8-6E711A576463}"
[HKEY_CLASSES_ROOT\CLSID\{F0DEA1E7-0A07-490d-A2F8-6E711A576463}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01_TUSODownloading]
@="{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}"
[HKEY_CLASSES_ROOT\CLSID\{1C1F6216-1E43-477E-97FD-5B01B1FA4A91}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03_TUSOInProgress]
@="{342DF534-1707-4bcb-A8AE-12790BB89C8E}"
[HKEY_CLASSES_ROOT\CLSID\{342DF534-1707-4bcb-A8AE-12790BB89C8E}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04_TUSOSharedComplete]
@="{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}"
[HKEY_CLASSES_ROOT\CLSID\{CDE9DB0C-9BA7-4F76-9648-640A72F947B9}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05_TUSODefault]
@="{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}"
[HKEY_CLASSES_ROOT\CLSID\{FEC65B2E-C397-41ba-9F21-00D3E506C5BC}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\06_TUSOLink]
@="{5FD2AA18-24C0-4A27-9824-AC5AF745369E}"
[HKEY_CLASSES_ROOT\CLSID\{5FD2AA18-24C0-4A27-9824-AC5AF745369E}]
2012-03-27 07:12 3795456 ----a-w- c:\program files\Tuso\Fiabee Sync\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0OpenDrive_ShellOverlayIcon]
@="{3268FFAC-39F2-4058-BE09-7396DB121F4A}"
[HKEY_CLASSES_ROOT\CLSID\{3268FFAC-39F2-4058-BE09-7396DB121F4A}]
2012-03-10 04:04 3153584 ----a-w- c:\program files\OpenDrive\OpenDrive.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{0367BF0F-7636-43AF-A152-E935D61A0203}"
[HKEY_CLASSES_ROOT\CLSID\{0367BF0F-7636-43AF-A152-E935D61A0203}]
2011-12-02 10:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt1]
@="{A30768B3-9C38-4810-AAC3-422B73A0B25C}"
[HKEY_CLASSES_ROOT\CLSID\{A30768B3-9C38-4810-AAC3-422B73A0B25C}]
2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt2]
@="{906E4756-73EC-4A58-A3B1-461B759D8F7B}"
[HKEY_CLASSES_ROOT\CLSID\{906E4756-73EC-4A58-A3B1-461B759D8F7B}]
2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IDriveSyncExt3]
@="{5DF1669E-DBBC-4C36-918E-8E470774D7AF}"
[HKEY_CLASSES_ROOT\CLSID\{5DF1669E-DBBC-4C36-918E-8E470774D7AF}]
2011-09-15 09:25 573440 ----a-w- c:\idsync\IDSyncIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-04-11 07:06 221840 ----a-w- c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-12-02 10:37 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2012-03-16 01:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.

 

[NathanC]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
"Akamai NetSession Interface"="c:\users\Cheung\AppData\Local\Akamai\netsession_win.exe" [2012-03-12 3331872]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"IDSyncStartup"="c:\idsync\IDSyncStartup.exe" [2011-09-14 95704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-03-26 1981]
"Livedrive"="c:\program files\Megacloud\Livedrive.exe" [2012-03-16 1636864]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayServer"="c:\progra~1\MAGIX\MOVIE_~1\TrayServer_en.exe" [2008-11-13 90112]
"Zune Launcher"="c:\program files\Zune1\ZuneLauncher.exe" [2011-08-05 159456]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2011-06-08 5694792]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1313672]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Intel AppUp(SM) center"="c:\program files\IntelAppUp\IntelAppStore\bin\serviceManager.lnk" [2011-06-24 1311]
"TVEService"="c:\program files\CyberLink\TV Enhance\TVEService.exe" [2009-09-29 226536]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 148776]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2009-09-08 177384]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 202024]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"Fiabee"="c:\program files\Tuso\Fiabee Sync\Fiabee.exe" [2012-03-27 9892336]
"OpenDrive Tray"="c:\program files\OpenDrive\OpenDrive_Tray.exe" [2012-03-10 4341424]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-04-18 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
.
c:\users\Dropbox1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cheung\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24242056]
.
c:\users\Dropbox2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-3-29 1014112]
GoBox.lnk - c:\program files\GoBox\gobox_desktop.exe [2012-3-2 491520]
IDriveSync Tray.lnk - c:\idsync\IDSyncTray.exe [2012-3-2 1775064]
MangoApps Desktop.lnk - c:\program files\MangoApps Desktop\MangoApps Desktop.exe [2012-3-9 142336]
MegaCloud.lnk - c:\users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe [2011-11-28 10755728]
Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
PortableApps.lnk - c:\portable apps\Start.exe [2011-12-8 145920]
qlock.lnk - c:\program files\Qlock\qlock.exe [2009-2-14 4142080]
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-6-27 888832]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-6-27 77824]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-6-27 102400]
Windows Live Mesh.lnk - c:\program files\Windows Live\Mesh\WLSync.exe [2012-3-8 1449824]
Wuala.lnk - c:\users\Cheung\AppData\Roaming\Wuala\Wuala.exe [2012-2-27 451504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Cheung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Cheung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-26 21:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-05-20 08:56 724536 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 05:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync]
2012-03-19 20:32 9413712 ----a-w- c:\program files\SugarSync\SugarSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-07-22 06:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-04-18 13:11 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZuneLyricsHelper]
2009-09-06 03:19 61952 ----a-w- c:\program files\Zune Addons\Zune Lyrics\ZuneNowPlaying.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R1 ujpmglgd;ujpmglgd;c:\windows\system32\drivers\ujpmglgd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-20 2214504]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]
R2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 252576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 20864]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 8448]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 23808]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune1\WMZuneComm.exe [2011-08-05 268512]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2011-01-06 13440]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-16 146904]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-12-02 296336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-17 242240]
S1 ISODisk;ISODisk; [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
S2 IDSyncService;IDSyncService;c:\idsync\IDSyncService.exe [2011-06-09 144856]
S2 MegacloudVSSService;Megacloud VSS Service;c:\program files\Megacloud\VSSService.exe [2012-03-16 157920]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-09-29 464224]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-09-29 189792]
S2 wrapper;theSkyNet;c:\program files\theSkyNet\wrapper-windows-x86-32.exe [2011-05-25 431896]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-12 49152]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 45288]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [2010-08-11 18288]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [2010-08-11 70512]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
btkrnl
ADSMService
viaagp1
pcx1nd5
dmboot
LC7981
DCamUSBMke
alcan5wn
Bcim
swupdtmr
SGHIDI
DcCam
pcctlcom
sis162u
ANC
logonsvcid
ftdisk
usnsvc
bdss
icraplus
F700ius
zebrceb
pxfhbus
s125mdfl
RDID1007
SetupSys
symappcore
iastor
btnetfilter
paamsrv
vsdatant
LRMINIPORT
procexp100
FA312
zpcollector
W700mdfl
tsdhd
nvedavt
p2k
ctxcpuusync
SGIR
atierecord
unrealircd
nwlnkipx
se59unic
servidor
ctdvda2k
ndassvc
application
CTERFXFX.DLL
dlaifs_m
autocomplete
AlKernel
msftesql
SbcpHid
cicsclient
vcommmgr
avhook
AcronisOSSReinstallSvc
SymIM
contentfilter
swmidi
ELmou
ZY202_XP
niorbk
adobeversioncue
dot4scan
iviaspi
hcwPVRP2
sprtsvc_dellsupportcenter
wmccds
nvcap
MSSQL$AUTODESKVAULT
cisvc
ccevtmgr
tm_cfw
dlacdbhm
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 12:43]
.
2012-04-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-07-22 11:01]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 05:40]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-25 05:40]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001Core.job
- c:\users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:17]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001UA.job
- c:\users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dreamerz.biz/home.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*;127.0.0.1:9421;<local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4 - c:\portable apps\PortableApps\EvernotePortable\App\Evernote\EvernoteIE.dll/204
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Linked&In Search - c:\program files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll/ContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{8B75A3DC-33D2-42E6-9440-7A1BECF6D031}: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{BB33D5F5-D7EF-41F9-A0C1-0A3064D53BD4}: NameServer = 208.67.222.222,208.67.220.220
DPF: {1FAEED48-6C46-4AE6-9686-499858131F2E} - hxxps://www.primadesk.com/primadesk/plugin/npPrimaDeskPlugin.dll
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7984)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\Tuso\Fiabee Sync\LIBEAY32.dll
c:\program files\Tuso\Fiabee Sync\SSLEAY32.dll
c:\program files\Tuso\Fiabee Sync\iconv.dll
c:\program files\OpenDrive\OpenDrive.dll
c:\program files\OpenDrive\libssh2.dll
c:\program files\OpenDrive\zlibwapi.dll
c:\program files\Wuala OverlayIcons\OverlayIcon.dll
c:\windows\system32\CbFsMntNtf3.dll
c:\idsync\IDSyncIcon.dll
c:\program files\Megacloud\LivedriveExtensions.dll
c:\users\Dropbox1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\CbFsNetRdr3.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\System32\SyncCenter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\java.exe
c:\idsync\IDSyncCDBManager.exe
c:\windows\system32\conhost.exe
c:\idsync\IDSyncSDBManager.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\idsync\IDSyncClient.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\IntelAppUp\IntelAppStore\bin\serviceManager.exe
c:\program files\Motorola Mobility\MotoCast\MotoCast.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\conhost.exe
c:\idsync\IDSNotifier.exe
c:\windows\system32\conhost.exe
c:\portable apps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
c:\program files\Windows Live\Mesh\MOE.exe
c:\program files\Hotspot Shield\bin\openvpntray.exe
c:\portable apps\PortableApps\dropboxportableahk-hr\dropboxportableahk.exe
c:\portable apps\PortableApps\PortableApps.com\PortableAppsUpdater.exe
c:\program files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
c:\portable apps\PortableApps\DropboxPortableAHKNeda\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\portable apps\PortableApps\DropboxPortableAHK-HR\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2012-04-19 14:18:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-19 06:18
ComboFix2.txt 2012-04-18 04:33
.
Pre-Run: 125,846,151,168 bytes free
Post-Run: 121,115,029,504 bytes free
.
- - End Of File - - D899CBCB3FC1F0E20EC2A91A8FAB2B43

 

[Broni]

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[NathanC]

PC doing heaps better....faster (thanks) but i am getting a BSOD when shutting down (I'll get to that one later).

OTL logfile created on: 20/04/2012 10:10:46 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Cheung\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 24.56% Memory free
6.50 Gb Paging File | 3.65 Gb Available in Paging File | 56.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 419.99 Gb Total Space | 116.41 Gb Free Space | 27.72% Space Free | Partition Type: NTFS
Drive D: | 511.52 Gb Total Space | 134.98 Gb Free Space | 26.39% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 71.26 Gb Free Space | 15.30% Space Free | Partition Type: NTFS

Computer Name: CHEUNG-DESKTOP | User Name: Cheung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/18 21:11:27 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/17 23:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2012/04/17 23:19:32 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2012/04/17 20:42:08 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
PRC - [2012/04/17 09:19:19 | 001,506,304 | ---- | M] (nionsoftware) -- C:\Portable Apps\PortableApps\DropboxPortableAHK-HR\DropboxPortableAHK.exe
PRC - [2012/04/17 09:19:15 | 001,506,304 | ---- | M] (nionsoftware) -- C:\Portable Apps\PortableApps\DropboxPortableAHKNeda\DropboxPortableAHK.exe
PRC - [2012/04/11 15:06:50 | 010,755,728 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 13:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/04/04 13:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/29 13:36:30 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/03/27 15:19:50 | 009,892,336 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe
PRC - [2012/03/26 15:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/03/22 19:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Cheung\Desktop\OTL.exe
PRC - [2012/03/20 04:32:24 | 009,413,712 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2012/03/16 09:48:46 | 000,157,920 | ---- | M] () -- C:\Program Files\Megacloud\VSSService.exe
PRC - [2012/03/16 09:45:40 | 001,636,864 | ---- | M] (Livedrive Internet Ltd) -- C:\Program Files\Megacloud\Livedrive.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/03/10 12:03:56 | 004,341,424 | ---- | M] (geeNian Inc.) -- C:\Program Files\OpenDrive\OpenDrive_Tray.exe
PRC - [2012/02/29 10:03:48 | 000,144,896 | ---- | M] (Motorola Mobility Inc.) -- C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
PRC - [2012/02/29 10:03:46 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
PRC - [2012/02/27 19:06:40 | 000,451,504 | ---- | M] (LaCie) -- C:\Users\Cheung\AppData\Roaming\Wuala\Wuala.exe
PRC - [2012/02/16 15:02:22 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2012/02/15 07:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/02 05:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/02 05:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2012/01/23 12:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/23 12:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/12/08 17:21:38 | 001,896,624 | ---- | M] (PortableApps.com) -- C:\Portable Apps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
PRC - [2011/11/18 17:01:20 | 001,775,064 | ---- | M] (Pro Softnet Corp.) -- C:\IDSync\IDSyncTray.exe
PRC - [2011/10/21 17:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/09/14 11:36:22 | 002,037,208 | ---- | M] (Pro-Softnet Corporation, U.S.A) -- C:\IDSync\IDSyncClient.exe
PRC - [2011/09/14 11:35:36 | 000,046,552 | ---- | M] () -- C:\IDSync\IDSyncCDBManager.exe
PRC - [2011/09/14 11:35:10 | 000,185,816 | ---- | M] () -- C:\IDSync\IDSNotifier.exe
PRC - [2011/09/02 08:42:06 | 024,194,416 | ---- | M] (Dropbox, Inc.) -- C:\Portable Apps\PortableApps\DropboxPortableAHKNeda\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/02 08:42:06 | 024,194,416 | ---- | M] (Dropbox, Inc.) -- C:\Portable Apps\PortableApps\DropboxPortableAHK-HR\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune1\ZuneLauncher.exe
PRC - [2011/07/21 23:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/07/02 02:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011/07/02 02:38:58 | 000,298,824 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011/06/24 12:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
PRC - [2011/06/09 18:20:50 | 000,144,856 | ---- | M] (Pro Softnet Corporation, U.S.A) -- C:\IDSync\IDSyncService.exe
PRC - [2011/05/26 00:21:10 | 000,431,896 | ---- | M] (Tanuki Software, Ltd.) -- C:\Program Files\theSkyNet\wrapper-windows-x86-32.exe
PRC - [2011/05/25 08:54:54 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2011/05/25 07:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/05/21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/05/06 15:57:26 | 000,028,672 | ---- | M] () -- C:\IDSync\IDSyncSDBManager.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/08 20:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/03/15 14:02:05 | 000,901,600 | ---- | M] () -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/12/01 22:26:40 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files\IntelAppUp\IntelAppStore\bin\serviceManager.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/08/30 11:17:50 | 000,090,112 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
PRC - [2010/06/17 05:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/03/15 16:00:46 | 000,102,400 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2010/03/15 15:33:52 | 000,077,824 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2010/03/15 15:32:38 | 000,888,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
PRC - [2009/09/29 17:56:26 | 000,464,224 | ---- | M] () -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2009/09/29 17:56:26 | 000,189,792 | ---- | M] () -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2009/09/29 17:56:04 | 000,226,536 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\TV Enhance\TVEService.exe
PRC - [2009/09/16 11:34:20 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/16 11:34:02 | 000,148,776 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
PRC - [2009/09/08 18:07:24 | 000,177,384 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PlayMovie\PMVService.exe
PRC - [2009/02/14 14:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/20 09:44:43 | 000,160,256 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Temp\ZumoLocalGateway.dll4230952433147156053.lib
MOD - [2012/04/20 09:44:35 | 000,314,368 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Temp\WindowsFolderWatcher.dll1509960396461356576.lib
MOD - [2012/04/20 09:42:59 | 000,205,824 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Temp\WindowsAPI.dll5528338571454188678.lib
MOD - [2012/04/19 14:10:58 | 000,509,440 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
MOD - [2012/04/18 23:25:15 | 000,364,032 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Wuala\Program0\lib.395\jcbfs3.dll
MOD - [2012/04/18 23:25:15 | 000,165,376 | ---- | M] () -- C:\Users\Cheung\AppData\Local\Wuala\Program0\lib.395\orangevolt-4n-1.1.2.dll
MOD - [2012/04/12 20:49:37 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/12 20:35:26 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/12 20:34:59 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/12 20:34:52 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/11 15:06:50 | 010,755,728 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe
MOD - [2012/04/11 15:06:44 | 000,221,840 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
MOD - [2012/03/29 12:33:34 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/03/29 12:33:34 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/03/27 15:19:50 | 009,892,336 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe
MOD - [2012/03/27 14:34:08 | 001,070,592 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\ServerTransferLibrary.dll
MOD - [2012/03/16 09:43:12 | 000,614,912 | ---- | M] () -- C:\Program Files\Megacloud\Livedrive.Localisation.dll
MOD - [2012/03/10 12:00:48 | 000,090,800 | ---- | M] () -- C:\Program Files\OpenDrive\OpenDrive_ShellUtils.dll
MOD - [2012/03/07 18:05:30 | 000,350,720 | ---- | M] () -- C:\Program Files\OpenDrive\libcurl.dll
MOD - [2012/03/07 18:05:00 | 000,166,400 | ---- | M] () -- C:\Program Files\OpenDrive\libssh2.dll
MOD - [2012/02/29 10:03:48 | 002,009,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll
MOD - [2012/02/29 10:03:48 | 001,694,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll
MOD - [2012/02/29 10:03:48 | 001,563,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll
MOD - [2012/02/29 10:03:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libxml2-2.dll
MOD - [2012/02/29 10:03:48 | 001,376,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll
MOD - [2012/02/29 10:03:48 | 000,531,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll
MOD - [2012/02/29 10:03:48 | 000,363,008 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll
MOD - [2012/02/29 10:03:48 | 000,196,608 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libwavpack-1.dll
MOD - [2012/02/29 10:03:48 | 000,187,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll
MOD - [2012/02/29 10:03:48 | 000,179,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll
MOD - [2012/02/29 10:03:48 | 000,163,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll
MOD - [2012/02/29 10:03:48 | 000,150,528 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll
MOD - [2012/02/29 10:03:48 | 000,149,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtdemux.dll
MOD - [2012/02/29 10:03:48 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll
MOD - [2012/02/29 10:03:48 | 000,122,880 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll
MOD - [2012/02/29 10:03:48 | 000,122,368 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll
MOD - [2012/02/29 10:03:48 | 000,119,296 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll
MOD - [2012/02/29 10:03:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtmux.dll
MOD - [2012/02/29 10:03:48 | 000,091,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll
MOD - [2012/02/29 10:03:48 | 000,088,064 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll
MOD - [2012/02/29 10:03:48 | 000,085,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\z.dll
MOD - [2012/02/29 10:03:48 | 000,083,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll
MOD - [2012/02/29 10:03:48 | 000,078,336 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
MOD - [2012/02/29 10:03:48 | 000,074,240 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll
MOD - [2012/02/29 10:03:48 | 000,073,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll
MOD - [2012/02/29 10:03:48 | 000,071,680 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
MOD - [2012/02/29 10:03:48 | 000,067,584 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll
MOD - [2012/02/29 10:03:48 | 000,061,952 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll
MOD - [2012/02/29 10:03:48 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
MOD - [2012/02/29 10:03:48 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
MOD - [2012/02/29 10:03:48 | 000,054,784 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
MOD - [2012/02/29 10:03:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
MOD - [2012/02/29 10:03:48 | 000,051,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
MOD - [2012/02/29 10:03:48 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
MOD - [2012/02/29 10:03:48 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
MOD - [2012/02/29 10:03:48 | 000,048,640 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
MOD - [2012/02/29 10:03:48 | 000,047,616 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll
MOD - [2012/02/29 10:03:48 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
MOD - [2012/02/29 10:03:48 | 000,039,424 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll
MOD - [2012/02/29 10:03:48 | 000,038,912 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
MOD - [2012/02/29 10:03:48 | 000,037,888 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll
MOD - [2012/02/29 10:03:48 | 000,036,864 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll
MOD - [2012/02/29 10:03:48 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstselector.dll
MOD - [2012/02/29 10:03:48 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll
MOD - [2012/02/29 10:03:48 | 000,035,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll
MOD - [2012/02/29 10:03:48 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
MOD - [2012/02/29 10:03:48 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll
MOD - [2012/02/29 10:03:48 | 000,033,280 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll
MOD - [2012/02/29 10:03:48 | 000,032,768 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
MOD - [2012/02/29 10:03:48 | 000,032,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll
MOD - [2012/02/29 10:03:48 | 000,030,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
MOD - [2012/02/29 10:03:48 | 000,029,696 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll
MOD - [2012/02/29 10:03:48 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
MOD - [2012/02/29 10:03:48 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
MOD - [2012/02/29 10:03:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll
MOD - [2012/02/29 10:03:48 | 000,026,624 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll
MOD - [2012/02/29 10:03:48 | 000,025,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll
MOD - [2012/02/29 10:03:48 | 000,025,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll
MOD - [2012/02/29 10:03:48 | 000,024,576 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll
MOD - [2012/02/29 10:03:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll
MOD - [2012/02/29 10:03:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
MOD - [2012/02/29 10:03:48 | 000,019,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
MOD - [2012/02/29 10:03:48 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll
MOD - [2012/02/29 10:03:48 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
MOD - [2012/02/29 10:03:48 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
MOD - [2012/02/29 10:03:48 | 000,017,920 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
MOD - [2012/02/29 10:03:48 | 000,016,896 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll
MOD - [2012/02/29 10:03:48 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll
MOD - [2012/02/29 10:03:48 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
MOD - [2012/02/29 10:03:48 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
MOD - [2012/02/29 10:03:48 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
MOD - [2012/02/29 10:03:48 | 000,013,312 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll
MOD - [2012/02/29 10:03:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll
MOD - [2012/02/29 10:03:48 | 000,011,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libshift.dll
MOD - [2012/02/29 10:03:48 | 000,008,192 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapp.dll
MOD - [2012/02/29 10:03:46 | 001,520,128 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll
MOD - [2012/02/29 10:03:46 | 000,682,496 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,563,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
MOD - [2012/02/29 10:03:46 | 000,331,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libFLAC-8.dll
MOD - [2012/02/29 10:03:46 | 000,276,992 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libjpeg-8.dll
MOD - [2012/02/29 10:03:46 | 000,248,352 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
MOD - [2012/02/29 10:03:46 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
MOD - [2012/02/29 10:03:46 | 000,199,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,190,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libpng14-14.dll
MOD - [2012/02/29 10:03:46 | 000,162,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbis-0.dll
MOD - [2012/02/29 10:03:46 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,125,440 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,123,947 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
MOD - [2012/02/29 10:03:46 | 000,108,544 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,079,872 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,070,144 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,053,760 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,038,400 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstapp-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,037,376 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
MOD - [2012/02/29 10:03:46 | 000,023,552 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libogg-0.dll
MOD - [2012/02/29 10:03:46 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/16 15:39:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/16 09:43:43 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll
MOD - [2012/02/16 09:43:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 09:43:35 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 09:43:34 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/16 09:43:34 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll
MOD - [2012/02/16 09:43:30 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2d379df0010f87d5c3d8c2be00b3de7a\System.DirectoryServices.ni.dll
MOD - [2012/02/16 09:42:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\74a1075c047edd51ba44cebf5ecf715c\System.Xml.ni.dll
MOD - [2012/02/16 09:42:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 09:42:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/02 05:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/10/19 09:06:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/14 11:35:10 | 000,185,816 | ---- | M] () -- C:\IDSync\IDSNotifier.exe
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/08/01 15:56:30 | 000,074,240 | ---- | M] () -- C:\Program Files\OpenDrive\zlibwapi.dll
MOD - [2011/07/28 15:20:34 | 000,270,336 | ---- | M] () -- C:\Program Files\Megacloud\AlphaFS.dll
MOD - [2011/07/02 02:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2011/07/02 02:39:40 | 000,009,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/15 14:02:05 | 000,901,600 | ---- | M] () -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
MOD - [2011/01/27 00:37:42 | 003,622,128 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\plugin\libbizlplugin.dll
MOD - [2010/12/01 22:26:38 | 000,195,584 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\libgsoap.dll
MOD - [2010/12/01 22:26:36 | 000,400,384 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\sqlite3.dll
MOD - [2010/12/01 22:26:36 | 000,375,808 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\QtXml4.dll
MOD - [2010/12/01 22:26:36 | 000,322,048 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\log4cplus.dll
MOD - [2010/12/01 22:26:36 | 000,013,312 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\featureController.dll
MOD - [2010/12/01 22:26:35 | 002,452,992 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\QtCore4.dll
MOD - [2010/12/01 22:26:35 | 001,008,640 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\QtNetwork4.dll
MOD - [2010/12/01 22:26:34 | 000,062,464 | ---- | M] () -- C:\Program Files\IntelAppUp\IntelAppStore\bin\zlib1.dll
MOD - [2010/11/05 09:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/14 17:34:36 | 000,194,048 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\curllib.dll
MOD - [2010/07/14 17:34:36 | 000,110,592 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\openldap.dll
MOD - [2010/07/14 17:34:36 | 000,065,536 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\libsasl.dll
MOD - [2010/07/14 17:30:44 | 002,099,200 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\QtCore4.dll
MOD - [2010/07/14 17:23:58 | 007,816,192 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\QtGui4.dll
MOD - [2010/07/14 16:42:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Tuso\Fiabee Sync\zlib1.dll
MOD - [2010/06/17 05:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2009/09/29 17:56:28 | 000,034,024 | ---- | M] () -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\CLSchedps.dll
MOD - [2009/09/29 17:56:26 | 000,312,680 | ---- | M] () -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2009/09/29 17:56:26 | 000,042,216 | ---- | M] () -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\CLCapSvcps.dll
MOD - [2009/09/16 11:34:26 | 000,873,768 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/09/16 11:34:16 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvcPS.dll
MOD - [2009/06/11 05:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/02/14 14:37:32 | 004,142,080 | ---- | M] () -- C:\Program Files\Qlock\qlock.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavreport.dll -- (zpcollector)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bb-run.dll -- (wmccds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GVCplDrv.dll -- (vsdatant)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\starwindserviceae.dll -- (viaagp1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvspydr2.dll -- (unrealircd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\carboniteservice.dll -- (tm_cfw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fltmgr.dll -- (sprtsvc_dellsupportcenter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\es1371.dll -- (servidor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tb2launch.dll -- (se59unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rimusb.dll -- (procexp100)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UMPass.dll -- (pcx1nd5)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\Windows\system32\svchost.exe -- (pcctlcom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GcKernel.dll -- (paamsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2Eunic.dll -- (nwlnkipx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAMFLT.dll -- (nvcap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SNMP.dll -- (ndassvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NTIDrvr.dll -- (MSSQL$AUTODESKVAULT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MaRdPnp.dll -- (LRMINIPORT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EU3_USB.dll -- (LC7981)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iAimTV5.dll -- (iviaspi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MailService.dll -- (iastor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ma_cmidi_installerservice.dll -- (hcwPVRP2)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI -- (Fabs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58obex.dll -- (FA312)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nimcrpcsu.dll -- (dot4scan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dmboot.dll -- (dmboot)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSIRCOMM.dll -- (dlacdbhm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlartl_n.dll -- (DCamUSBMke)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\beatjamupnpmusicserver.dll -- (ctdvda2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7updsvc.dll -- (cisvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdfdll.dll -- (ccevtmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATNT40K.dll -- (btkrnl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lktimesync.dll -- (Bcim)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MREMPR5.dll -- (application)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\videX32.dll -- (ADSMService)
SRV - [2012/04/17 20:43:55 | 000,252,576 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 13:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/28 12:38:11 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/16 09:48:46 | 000,157,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Megacloud\VSSService.exe -- (MegacloudVSSService)
SRV - [2012/02/16 15:02:22 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2012/02/02 05:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/23 12:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/10/07 22:41:10 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune1\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune1\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune1\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/07/02 02:40:36 | 000,063,976 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/07/02 02:38:58 | 000,298,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)

 

[NathanC]

SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/09 18:20:50 | 000,144,856 | ---- | M] (Pro Softnet Corporation, U.S.A) [Auto | Running] -- C:\IDSync\IDSyncService.exe -- (IDSyncService)
SRV - [2011/05/26 00:21:10 | 000,431,896 | ---- | M] (Tanuki Software, Ltd.) [Auto | Running] -- C:\Program Files\theSkyNet\wrapper-windows-x86-32.exe -- (wrapper)
SRV - [2011/05/25 08:54:54 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011/05/25 07:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/08/30 11:17:50 | 000,090,112 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/29 17:56:26 | 000,464,224 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2009/09/29 17:56:26 | 000,189,792 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/21 10:01:02 | 000,060,928 | ---- | M] () [Auto | Stopped] -- C:\xampp\service.exe -- (XAMPP)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ujpmglgd.sys -- (ujpmglgd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Cheung\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/17 20:30:30 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/01/25 13:58:00 | 000,023,808 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2012/01/25 13:57:48 | 000,024,192 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2012/01/25 13:57:44 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2012/01/25 13:57:36 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/12/02 18:37:10 | 000,296,336 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011/11/08 12:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/07/28 18:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/07/19 21:14:36 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2011/05/25 07:40:12 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2011/05/25 07:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/01/06 11:29:20 | 000,013,440 | ---- | M] (NoteBurn Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ntcdrdrv.sys -- (ntcdrdrv)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/12/02 15:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/12/02 15:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/12/02 15:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/12/02 15:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/11/26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/11 17:18:08 | 000,070,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys -- (mvd22)
DRV - [2010/08/11 17:15:48 | 000,018,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys -- (mdf16)
DRV - [2010/02/16 12:44:18 | 000,146,904 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs.sys -- (CbFs)
DRV - [2009/10/13 02:16:02 | 000,049,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ISODisk.sys -- (ISODisk)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dreamerz.biz/home.htm
IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 50 6D 54 A2 7D CC 01 [binary data]
IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\SearchScopes\{05799638-0D3B-4e23-9A83-52B86197D709}: "URL" = http://www.linkedin.com/search?search= &reset= &searchOrigin=I&keywords={searchTerms}
IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\SearchScopes\{38B41D2F-5F4C-46E8-8AD1-DC616BCCBE5E}: "URL" = http://www.bigoven.com/private/searchrecipes.aspx?title={searchTerms}&source=IE
IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\SearchScopes\{5C8A9EA7-CF11-4DA1-A65E-81E33B8F1357}: "URL" = http://www.graysonline.com/Search.aspx?q={searchTerms}
IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;127.0.0.1:9421;<local>

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2012/04/20 08:20:05 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Users\Cheung\AppData\Local\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Cheung\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Cheung\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cheung\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cheung\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/02 13:05:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/14 18:02:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/18 21:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/02 13:05:06 | 000,000,000 | ---D | M]

[2012/03/08 22:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Extensions
[2012/03/08 22:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/06/25 13:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Extensions\xulrunner@yoono.com
[2012/04/18 17:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Firefox\Profiles\tgmbbbcf.default\extensions
[2012/03/22 23:09:23 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Firefox\Profiles\tgmbbbcf.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011/09/28 12:50:37 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Cheung\AppData\Roaming\Mozilla\Firefox\Profiles\tgmbbbcf.default\extensions\ffxtlbr@babylon.com
[2012/03/27 10:05:52 | 000,002,230 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\Mozilla\Firefox\Profiles\tgmbbbcf.default\searchplugins\SearchTheWeb.xml
[2012/04/18 21:12:02 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Cheung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/04/19 14:09:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IEToolbarBHO Class) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (PrimaDesk Login Helper) - {7AEC5D7C-9BA0-4A13-AB5D-244E4276FC09} - C:\Windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll (PrimaDesk, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
O2 - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\Megacloud\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PrimadeskToolbar) - {1B5498A8-C09C-43DD-89FC-67803840387E} - C:\Windows\Downloaded Program Files\CONFLICT.3\npPrimaDeskPlugin.dll (PrimaDesk, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (GoBox) - {6A719530-8443-4898-9BC4-69E76B5F1C89} - C:\Program Files\GoBox\gobox.dll (AddOn Exchange, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (LinkedIn Toolbar) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (GoBox) - {6A719530-8443-4898-9BC4-69E76B5F1C89} - C:\Program Files\GoBox\gobox.dll (AddOn Exchange, Inc.)
O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (LinkedIn Toolbar) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Fiabee] C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe ()
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files\IntelAppUp\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe ()
O4 - HKLM..\Run: [OpenDrive Tray] C:\Program Files\OpenDrive\OpenDrive_Tray.exe (geeNian Inc.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\Trayserver_EN.exe (MAGIX AG)
O4 - HKLM..\Run: [TVEService] C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune1\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [Akamai NetSession Interface] C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [BIBLauncher] C:\Program Files\Business-in-a-Box\BIBLauncher.exe ()
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [IDSyncStartup] C:\IDSync\IDSyncStartup.exe (Pro Softnet Corporation)
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [Livedrive] C:\Program Files\Megacloud\Livedrive.exe (Livedrive Internet Ltd)
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [MotoCast] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoBox.lnk = C:\Program Files\GoBox\gobox_desktop.exe (AddOn Exchange, Inc.)
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDriveSync Tray.lnk = C:\IDSync\IDSyncTray.exe (Pro Softnet Corp.)
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MangoApps Desktop.lnk = C:\Program Files\MangoApps Desktop\MangoApps Desktop.exe ()
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MegaCloud.lnk = C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe ()
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableApps.lnk = C:\Portable Apps\Start.exe (PortableApps.com)
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files\Qlock\qlock.exe ()
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = C:\Users\Cheung\AppData\Roaming\Wuala\Wuala.exe (LaCie)
O4 - Startup: C:\Users\Dropbox1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cheung\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Dropbox2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Evernote 4 - C:\Portable Apps\PortableApps\EvernotePortable\App\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Linked&In Search - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1FAEED48-6C46-4AE6-9686-499858131F2E} https://www.primadesk.com/primadesk/plugin/npPrimaDeskPlugin.dll (PrimaDesk FileInfo Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B75A3DC-33D2-42E6-9440-7A1BECF6D031}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB33D5F5-D7EF-41F9-A0C1-0A3064D53BD4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/28 11:15:42 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: btkrnl - %systemroot%\system32\ATNT40K.dll File not found
NetSvcs: ADSMService - %systemroot%\system32\videX32.dll File not found
NetSvcs: viaagp1 - %systemroot%\system32\starwindserviceae.dll File not found
NetSvcs: pcx1nd5 - %systemroot%\system32\UMPass.dll File not found
NetSvcs: dmboot - %systemroot%\system32\dmboot.dll File not found
NetSvcs: LC7981 - %systemroot%\system32\EU3_USB.dll File not found
NetSvcs: DCamUSBMke - %systemroot%\system32\dlartl_n.dll File not found
NetSvcs: alcan5wn - File not found
NetSvcs: Bcim - %systemroot%\system32\lktimesync.dll File not found
NetSvcs: swupdtmr - File not found
NetSvcs: SGHIDI - File not found
NetSvcs: DcCam - File not found
NetSvcs: pcctlcom - \.\globalroot\C:\Windows\system32\svchost.exe File not found
NetSvcs: sis162u - File not found
NetSvcs: ANC - File not found
NetSvcs: logonsvcid - File not found
NetSvcs: ftdisk - File not found
NetSvcs: usnsvc - File not found
NetSvcs: bdss - File not found
NetSvcs: icraplus - File not found
NetSvcs: F700ius - File not found
NetSvcs: zebrceb - File not found
NetSvcs: pxfhbus - File not found
NetSvcs: s125mdfl - File not found
NetSvcs: RDID1007 - File not found
NetSvcs: SetupSys - File not found
NetSvcs: symappcore - File not found
NetSvcs: iastor - %systemroot%\system32\MailService.dll File not found
NetSvcs: btnetfilter - File not found
NetSvcs: paamsrv - %systemroot%\system32\GcKernel.dll File not found
NetSvcs: vsdatant - %systemroot%\system32\GVCplDrv.dll File not found
NetSvcs: LRMINIPORT - %systemroot%\system32\MaRdPnp.dll File not found
NetSvcs: procexp100 - %systemroot%\system32\rimusb.dll File not found
NetSvcs: FA312 - %systemroot%\system32\se58obex.dll File not found
NetSvcs: zpcollector - %systemroot%\system32\pavreport.dll File not found
NetSvcs: W700mdfl - File not found
NetSvcs: tsdhd - File not found
NetSvcs: nvedavt - File not found
NetSvcs: p2k - File not found
NetSvcs: ctxcpuusync - File not found
NetSvcs: SGIR - File not found
NetSvcs: atierecord - File not found
NetSvcs: unrealircd - %systemroot%\system32\cvspydr2.dll File not found
NetSvcs: nwlnkipx - %systemroot%\system32\se2Eunic.dll File not found
NetSvcs: se59unic - %systemroot%\system32\tb2launch.dll File not found
NetSvcs: servidor - %systemroot%\system32\es1371.dll File not found
NetSvcs: ctdvda2k - %systemroot%\system32\beatjamupnpmusicserver.dll File not found
NetSvcs: ndassvc - %systemroot%\system32\SNMP.dll File not found
NetSvcs: application - %systemroot%\system32\MREMPR5.dll File not found
NetSvcs: CTERFXFX.DLL - File not found
NetSvcs: dlaifs_m - File not found
NetSvcs: autocomplete - File not found
NetSvcs: AlKernel - File not found
NetSvcs: msftesql - File not found
NetSvcs: SbcpHid - File not found
NetSvcs: cicsclient - File not found
NetSvcs: vcommmgr - File not found
NetSvcs: avhook - File not found
NetSvcs: AcronisOSSReinstallSvc - File not found
NetSvcs: SymIM - File not found
NetSvcs: contentfilter - File not found
NetSvcs: swmidi - File not found
NetSvcs: ELmou - File not found
NetSvcs: ZY202_XP - File not found
NetSvcs: niorbk - File not found
NetSvcs: adobeversioncue - File not found
NetSvcs: dot4scan - %systemroot%\system32\nimcrpcsu.dll File not found
NetSvcs: iviaspi - %systemroot%\system32\iAimTV5.dll File not found
NetSvcs: hcwPVRP2 - %systemroot%\system32\ma_cmidi_installerservice.dll File not found
NetSvcs: sprtsvc_dellsupportcenter - %systemroot%\system32\fltmgr.dll File not found
NetSvcs: wmccds - %systemroot%\system32\bb-run.dll File not found
NetSvcs: nvcap - %systemroot%\system32\CAMFLT.dll File not found
NetSvcs: MSSQL$AUTODESKVAULT - %systemroot%\system32\NTIDrvr.dll File not found
NetSvcs: cisvc - %systemroot%\system32\avg7updsvc.dll File not found
NetSvcs: ccevtmgr - %systemroot%\system32\bdfdll.dll File not found
NetSvcs: tm_cfw - %systemroot%\system32\carboniteservice.dll File not found
NetSvcs: dlacdbhm - %systemroot%\system32\MSIRCOMM.dll File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 09:44:08 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{DB68AF3D-8A70-4B10-BB2C-CEDF38EA1BED}
[2012/04/20 09:43:35 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{AF480C92-5A54-4357-A2B1-729B0A22AE43}
[2012/04/19 16:46:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\CatRoot_bak
[2012/04/19 16:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/04/19 16:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/04/19 16:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/19 16:23:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/19 16:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/19 16:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Download Manager
[2012/04/19 16:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/04/19 14:11:34 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{53D5BB11-4F50-4365-9F22-C45CECE8EEC6}
[2012/04/19 14:11:06 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{B02622FA-5E7B-418A-97EC-E8FCB1DA2D37}

 

[NathanC]

[2012/04/19 14:09:51 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/04/18 23:56:11 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{3B155616-3D79-451F-99F8-04433A2173A4}
[2012/04/18 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{B955F603-71FE-43FD-AFE8-73472388F4AA}
[2012/04/18 23:05:53 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/18 22:47:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/04/18 22:47:27 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/18 22:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/18 22:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/04/18 22:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
[2012/04/18 22:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/04/18 21:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/18 21:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/04/18 21:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/04/18 17:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/18 17:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/04/18 17:17:42 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{3B234D68-3F97-48B6-AFCC-4C043068A38E}
[2012/04/18 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\SkypePM
[2012/04/18 12:01:52 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{E8EC141A-A6F7-4AB2-AEF4-406BCE067A6E}
[2012/04/18 10:27:49 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{1ECD6EEA-492D-48DE-819C-8DA95A3F9850}
[2012/04/18 09:59:58 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{68B96AF3-67B5-4A4C-A36D-A02342AAAB00}
[2012/04/18 09:03:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/18 09:03:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/18 09:03:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/18 09:02:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/18 09:02:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/18 09:01:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/18 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{9EE2CF1B-F63D-4DBE-B672-8F72B3623F92}
[2012/04/17 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{43F20C6D-EBFE-412C-B5CC-AED5B457B242}
[2012/04/17 20:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/17 20:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/04/17 20:30:30 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/04/17 20:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/04/17 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{B48316D6-C584-49A4-9241-3FBE8AE1E7A9}
[2012/04/17 16:02:07 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Cheung\Desktop\boot_cleaner.exe
[2012/04/17 11:55:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Cheung\Desktop\aswMBR.exe
[2012/04/17 11:11:30 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{56F14DDE-0F99-49BC-A42A-A91A4976B6AF}
[2012/04/17 11:05:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/17 09:08:57 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{C930C657-C4D5-419A-BDCE-CCDE68B3A091}
[2012/04/16 21:48:32 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{1B72F4AF-DAFA-47C1-B040-23068B05EC36}
[2012/04/16 17:23:20 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{48D69A34-2EEC-4C24-A449-A56634FB87D6}
[2012/04/16 16:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/04/16 15:57:17 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Cheung\Desktop\TFC.exe
[2012/04/16 15:54:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Cheung\Desktop\OTL.exe
[2012/04/16 13:47:40 | 004,466,721 | R--- | C] (Swearware) -- C:\Users\Cheung\Desktop\ComboFix2.exe
[2012/04/16 13:31:33 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{D2D99226-CC43-4594-957D-0B2643789272}
[2012/04/16 10:29:05 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{BF4A0660-038F-4325-BD0C-301A2B0796D6}
[2012/04/15 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{C79FA9A6-6601-4446-BFC2-B73ABCA802FD}
[2012/04/15 17:53:53 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{3F0BF5B6-C2C6-468D-A253-B5F897315C2E}
[2012/04/14 18:52:30 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cool Remote
[2012/04/14 18:40:03 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{A5B6A3D7-C0BB-402D-A787-D607CEED761C}
[2012/04/14 18:08:06 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\adaware
[2012/04/14 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/04/14 18:07:52 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys
[2012/04/14 18:07:39 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys
[2012/04/14 18:07:21 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys
[2012/04/14 18:07:21 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys
[2012/04/14 18:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/04/14 18:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/04/14 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Ad-Aware Antivirus
[2012/04/14 17:21:32 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{1E392024-CDA3-49EC-93EB-B0DE7AF0972C}
[2012/04/14 00:34:12 | 000,029,016 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2012/04/14 00:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2012/04/14 00:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/04/14 00:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDrive
[2012/04/14 00:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDrive
[2012/04/14 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{D6112BD0-2AF7-4B0C-8E20-FAE1BB86F637}
[2012/04/12 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{92DA621C-FF95-4BA4-ABA2-E7B205A5D782}
[2012/04/11 16:04:38 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/04/10 14:47:33 | 000,000,000 | -HSD | C] -- C:\~LD
[2012/04/10 14:41:25 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{60169B06-6F8A-498A-A7B9-643FFF6D2957}
[2012/04/09 20:47:08 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{D6EAA220-7A43-4177-A20E-7C8254733C84}
[2012/04/08 15:46:52 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{6629C97C-6288-42A9-8761-BB259B2D4764}
[2012/04/08 15:44:15 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{DF38BF77-5464-466A-9BAE-D5CE7F1B42DE}
[2012/04/08 14:20:00 | 000,000,000 | ---D | C] -- C:\Users\Cheung\Documents\EverioBackup
[2012/04/08 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\Cheung\Documents\MakeDiscVideo
[2012/04/08 14:19:44 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\PCM4Everio
[2012/04/08 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{EC6D206D-3F26-43D4-AFD5-2218779EC910}
[2012/04/08 14:04:15 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{1185EBEB-4016-40FB-AA88-495E84239EB3}
[2012/04/04 17:29:29 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012/04/04 16:37:06 | 000,000,000 | ---D | C] -- C:\xampp
[2012/04/04 12:17:30 | 000,146,904 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\cbfs.sys
[2012/04/04 12:16:34 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\Megacloud
[2012/04/04 12:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Megacloud
[2012/04/04 12:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Megacloud
[2012/04/04 12:14:23 | 000,000,000 | R--D | C] -- C:\Users\Cheung\Documents\Fiabee
[2012/04/04 12:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiabee
[2012/04/04 12:09:22 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spectromancer
[2012/04/04 12:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spectromancer
[2012/04/04 12:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spectromancer
[2012/04/04 11:29:13 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\OpenDrive
[2012/04/03 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\Fiabee
[2012/04/03 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Tuso
[2012/03/27 22:25:40 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{BCAA9F1D-1F32-4204-958A-78CE64E21FCF}
[2012/03/26 16:14:29 | 000,000,000 | ---D | C] -- C:\Users\Cheung\Documents\Podcast
[2012/03/26 15:56:44 | 000,000,000 | ---D | C] -- C:\Users\Cheung\.gstreamer-0.10
[2012/03/26 15:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola Media Link
[2012/03/26 15:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Mobility
[2012/03/26 15:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Mobility
[2012/03/26 15:45:56 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Roaming\MotoCast
[2012/03/22 23:10:04 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{B11F8463-3B3C-4EFA-922C-AD55657175C5}
[2012/03/22 23:07:02 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2012/03/22 23:07:02 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2012/03/22 23:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012/03/22 23:07:01 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2012/03/22 23:07:01 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2012/03/22 23:07:01 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2012/03/22 23:07:01 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2012/03/22 23:07:01 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2012/03/22 23:07:01 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2012/03/22 23:07:00 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2012/03/22 23:07:00 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2012/03/22 23:06:59 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2012/03/22 23:06:59 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2012/03/22 22:30:17 | 000,000,000 | ---D | C] -- C:\Users\Cheung\AppData\Local\{367D2617-E872-4FEA-8773-9F8476790042}
[2011/07/16 20:57:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Cheung\AppData\Roaming\pcouffin.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Cheung\AppData\Local\*.tmp files -> C:\Users\Cheung\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/20 09:43:59 | 000,000,952 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MegaCloud.lnk
[2012/04/20 09:42:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/20 09:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001UA.job
[2012/04/20 09:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/20 09:18:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/20 08:29:19 | 000,026,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 08:29:19 | 000,026,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 08:20:52 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/04/20 08:20:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 08:20:05 | 382,878,248 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/20 08:20:03 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 16:46:04 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/04/19 16:30:24 | 000,671,726 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/19 16:30:24 | 000,128,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/19 16:21:02 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Download Manager.lnk
[2012/04/19 14:09:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/19 11:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/04/19 10:21:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001Core.job
[2012/04/18 22:36:28 | 000,001,345 | ---- | M] () -- C:\Users\Cheung\Desktop\Media Center.lnk
[2012/04/18 22:21:24 | 000,001,069 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/04/18 22:21:08 | 000,000,894 | ---- | M] () -- C:\Users\Cheung\Desktop\Evernote.lnk
[2012/04/18 21:11:31 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/04/18 17:48:34 | 000,002,138 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/04/18 17:47:46 | 000,000,981 | ---- | M] () -- C:\Users\Cheung\Desktop\Orbit.lnk
[2012/04/18 03:57:01 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\Cheung\Desktop\ComboFix2.exe
[2012/04/17 20:39:20 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/17 20:30:30 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/04/17 16:01:37 | 000,000,512 | ---- | M] () -- C:\Users\Cheung\Desktop\MBR.dat
[2012/04/17 12:03:34 | 000,044,607 | ---- | M] () -- C:\Users\Cheung\Desktop\bootkit_remover(1).zip
[2012/04/17 08:19:08 | 000,000,512 | ---- | M] () -- C:\Users\Cheung\Documents\MBR.dat
[2012/04/16 15:57:04 | 000,047,810 | ---- | M] () -- C:\Users\Cheung\Desktop\SecurityCheck.exe
[2012/04/16 13:47:51 | 000,044,607 | ---- | M] () -- C:\Users\Cheung\Desktop\bootkit_remover.zip
[2012/04/14 23:22:17 | 000,001,190 | ---- | M] () -- C:\Windows\System32\ServiceConfig.xml
[2012/04/14 23:22:16 | 000,001,682 | ---- | M] () -- C:\Windows\System32\EmailAVConfig.xml
[2012/04/14 18:02:47 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/04/14 00:34:12 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2012/04/14 00:29:45 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\OpenDrive.lnk
[2012/04/12 21:49:19 | 000,001,073 | ---- | M] () -- C:\Users\Cheung\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/10 18:21:19 | 000,501,478 | ---- | M] () -- C:\Users\Cheung\Desktop\FCO-STEAM COAL GCV 6000-5800 ADB1.pdf
[2012/04/10 18:19:15 | 000,190,955 | ---- | M] () -- C:\Users\Cheung\Desktop\FCO-STEAM COAL GCV 6000-5800 ADB.pdf
[2012/04/04 17:29:29 | 000,000,614 | ---- | M] () -- C:\Users\Cheung\Desktop\XAMPP Control Panel.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/04 12:16:35 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Megacloud Control Panel.lnk
[2012/04/04 12:14:15 | 000,002,583 | ---- | M] () -- C:\Users\Public\Desktop\Fiabee Sync.lnk
[2012/03/28 18:09:37 | 000,028,363 | ---- | M] () -- C:\Users\Cheung\Desktop\Salpac Reimbursement Form.pdf
[2012/03/27 10:21:56 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012/03/23 10:18:08 | 000,043,356 | ---- | M] () -- C:\Users\Cheung\Desktop\HCF Receipt 23-03-2012pdf.pdf
[2012/03/22 23:09:38 | 000,010,774 | ---- | M] () -- C:\END
[2012/03/22 19:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Cheung\Desktop\OTL.exe
[2012/03/22 10:21:20 | 000,000,000 | ---- | M] () -- C:\Users\Cheung\AppData\Roaming\bibstats
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Cheung\AppData\Local\*.tmp files -> C:\Users\Cheung\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/19 16:46:04 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/04/19 16:21:02 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Download Manager.lnk
[2012/04/18 22:50:58 | 000,001,219 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/04/18 22:49:21 | 000,001,288 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/04/18 22:42:23 | 000,001,372 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/04/18 22:37:18 | 000,002,400 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/18 22:36:28 | 000,001,345 | ---- | C] () -- C:\Users\Cheung\Desktop\Media Center.lnk
[2012/04/18 22:21:24 | 000,001,069 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/04/18 22:21:08 | 000,000,894 | ---- | C] () -- C:\Users\Cheung\Desktop\Evernote.lnk
[2012/04/18 09:03:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/18 09:03:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/18 09:03:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/18 09:03:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/18 09:03:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/17 20:39:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/17 16:01:37 | 000,000,512 | ---- | C] () -- C:\Users\Cheung\Desktop\MBR.dat
[2012/04/17 12:03:52 | 000,044,607 | ---- | C] () -- C:\Users\Cheung\Desktop\bootkit_remover(1).zip
[2012/04/17 09:33:04 | 000,302,592 | ---- | C] () -- C:\Users\Cheung\Desktop\gmer.exe
[2012/04/17 08:19:08 | 000,000,512 | ---- | C] () -- C:\Users\Cheung\Documents\MBR.dat
[2012/04/16 16:00:32 | 000,001,917 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/04/16 15:57:04 | 000,047,810 | ---- | C] () -- C:\Users\Cheung\Desktop\SecurityCheck.exe
[2012/04/16 15:56:48 | 000,337,137 | ---- | C] () -- C:\Users\Cheung\Desktop\FSS.exe
[2012/04/16 13:47:53 | 000,044,607 | ---- | C] () -- C:\Users\Cheung\Desktop\bootkit_remover.zip
[2012/04/14 23:22:17 | 000,001,190 | ---- | C] () -- C:\Windows\System32\ServiceConfig.xml
[2012/04/14 23:22:16 | 000,001,682 | ---- | C] () -- C:\Windows\System32\EmailAVConfig.xml
[2012/04/14 00:34:12 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/04/14 00:34:12 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2012/04/14 00:29:45 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\OpenDrive.lnk
[2012/04/10 18:21:19 | 000,501,478 | ---- | C] () -- C:\Users\Cheung\Desktop\FCO-STEAM COAL GCV 6000-5800 ADB1.pdf
[2012/04/10 18:19:15 | 000,190,955 | ---- | C] () -- C:\Users\Cheung\Desktop\FCO-STEAM COAL GCV 6000-5800 ADB.pdf
[2012/04/04 17:29:29 | 000,000,614 | ---- | C] () -- C:\Users\Cheung\Desktop\XAMPP Control Panel.lnk
[2012/04/04 13:26:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/04 12:16:35 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Megacloud Control Panel.lnk
[2012/04/04 12:14:14 | 000,002,583 | ---- | C] () -- C:\Users\Public\Desktop\Fiabee Sync.lnk
[2012/03/28 18:09:37 | 000,028,363 | ---- | C] () -- C:\Users\Cheung\Desktop\Salpac Reimbursement Form.pdf
[2012/03/23 10:18:08 | 000,043,356 | ---- | C] () -- C:\Users\Cheung\Desktop\HCF Receipt 23-03-2012pdf.pdf
[2012/03/22 23:09:34 | 000,010,774 | ---- | C] () -- C:\END
[2012/03/22 23:09:00 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012/03/22 23:07:01 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax
[2012/03/22 23:07:01 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012/03/22 23:07:01 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2012/03/22 23:07:00 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2012/03/22 23:07:00 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2012/03/22 23:07:00 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2012/03/22 23:06:59 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2012/03/22 23:06:59 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2012/03/22 23:06:59 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2012/03/22 23:06:59 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2012/03/02 10:58:25 | 000,026,072 | ---- | C] () -- C:\Windows\System32\IDSyncXceedCryReg.exe
[2012/03/02 10:58:23 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011/11/25 18:19:25 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/11/25 18:17:53 | 000,033,019 | ---- | C] () -- C:\Windows\System32\CoreAAC-uninstall.exe
[2011/11/25 18:14:38 | 000,000,259 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\burnaware.ini
[2011/11/21 09:29:44 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/11/21 09:29:44 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/10/13 16:34:51 | 000,009,600 | ---- | C] () -- C:\Windows\System32\drivers\ISODisk.sys
[2011/10/05 16:22:22 | 000,000,000 | ---- | C] () -- C:\Users\Cheung\AppData\Local\{213B2093-6964-4C9C-8C3B-01C9A07DBE5F}
[2011/10/04 14:34:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/09/28 23:01:41 | 000,000,196 | ---- | C] () -- C:\Windows\wininit.ini
[2011/09/28 13:01:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/09/11 22:28:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/09/10 16:01:09 | 000,000,048 | ---- | C] () -- C:\Windows\REGKEYNT.INI
[2011/08/10 09:56:38 | 000,001,456 | ---- | C] () -- C:\Users\Cheung\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/03 16:33:36 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011/07/22 14:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\bibstats
[2011/07/21 20:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/16 20:57:02 | 000,087,608 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\inst.exe
[2011/07/16 20:57:02 | 000,007,887 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\pcouffin.cat
[2011/07/16 20:57:02 | 000,001,144 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\pcouffin.inf
[2011/07/16 16:22:14 | 000,014,946 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\ekiga.conf
[2011/07/02 13:51:41 | 000,038,438 | ---- | C] () -- C:\Users\Cheung\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/07/02 13:43:39 | 000,059,904 | ---- | C] () -- C:\Users\Cheung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 19:44:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/25 19:43:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

========== LOP Check ==========

[2012/04/16 17:24:07 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Ad-Aware Antivirus
[2012/03/16 16:28:16 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\AUSkey
[2012/03/13 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Box.Net
[2011/09/14 13:25:41 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\calibre
[2011/09/03 22:25:44 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Canon
[2012/02/16 11:32:34 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\DAEMON Tools Lite
[2011/09/13 14:40:44 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\devede
[2012/04/20 09:43:40 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Dropbox
[2011/10/13 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Engage.30494F64709E2F035F2CF77E15FD7FCC2DF52FFE.1
[2012/04/20 09:43:37 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Fiabee
[2011/11/30 16:25:35 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Foxit Software
[2011/07/16 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\GetRightToGo
[2011/06/27 10:49:43 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\GrabPro
[2012/04/18 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\gtk-2.0
[2011/09/02 18:19:14 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Image Zone Express
[2011/09/27 10:26:06 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\ImgBurn
[2012/04/14 00:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\IObit
[2011/10/12 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\LinkedIn
[2011/09/28 22:36:35 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\MAGIX
[2012/04/20 10:17:13 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\MegaCloud
[2012/04/20 09:45:09 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\MotoCast
[2012/03/26 16:15:55 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\motorola
[2012/03/13 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Mp3tag
[2011/07/02 13:14:34 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Nokia
[2011/07/02 13:14:34 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Nokia Ovi Suite
[2011/07/02 10:34:55 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\OpenCandy
[2011/10/05 16:46:58 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\OpenDNS Updater
[2012/04/19 16:26:52 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Orbit
[2011/07/02 10:50:46 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\PC Suite
[2011/12/30 09:56:40 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\PFStaticIP
[2011/08/29 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\PowerCinema
[2011/08/27 11:32:02 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Printer Info Cache
[2011/09/28 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\ProgSense
[2011/11/28 10:32:39 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\ProtectDISC
[2011/06/26 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Qlock
[2011/06/25 13:39:59 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Softland
[2011/09/10 22:13:17 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Thinstall
[2012/03/08 22:53:08 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\TomTom
[2011/07/12 10:10:37 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\TuneUpMedia
[2011/11/15 13:58:27 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\uTorrent
[2011/07/16 20:57:02 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Vso
[2012/03/02 11:02:28 | 000,000,000 | ---D | M] -- C:\Users\Cheung\AppData\Roaming\Wuala
[2012/04/11 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\Dropbox
[2011/06/28 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\GrabPro
[2011/11/03 16:37:23 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\LinkedIn
[2011/10/02 09:18:45 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\Orbit
[2011/08/08 18:27:52 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\PC Suite
[2011/10/02 09:13:58 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\PowerCinema
[2011/10/02 09:14:01 | 000,000,000 | ---D | M] -- C:\Users\Dropbox1\AppData\Roaming\ProgSense
[2012/04/11 14:41:06 | 000,000,000 | ---D | M] -- C:\Users\Dropbox2\AppData\Roaming\Dropbox
[2011/10/04 08:59:07 | 000,000,000 | ---D | M] -- C:\Users\Dropbox2\AppData\Roaming\Orbit
[2011/10/02 09:25:16 | 000,000,000 | ---D | M] -- C:\Users\Dropbox2\AppData\Roaming\PC Suite
[2011/10/02 09:25:11 | 000,000,000 | ---D | M] -- C:\Users\Dropbox2\AppData\Roaming\PowerCinema
[2011/10/02 09:25:13 | 000,000,000 | ---D | M] -- C:\Users\Dropbox2\AppData\Roaming\ProgSense
[2012/04/19 09:26:14 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/11 05:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012/04/19 14:18:13 | 000,050,193 | ---- | M] () -- C:\ComboFix.txt
[2009/06/11 05:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/07/03 22:08:13 | 000,000,000 | ---- | M] () -- C:\cscript
[2012/03/22 23:09:38 | 000,010,774 | ---- | M] () -- C:\END
[2012/04/20 08:20:03 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/04 08:50:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/27 15:23:33 | 000,000,114 | ---- | M] () -- C:\ISF_ID.dat
[2011/10/04 10:05:40 | 1858,338,815 | ---- | M] () -- C:\LER0AAW1.iso
[2011/07/16 20:08:10 | 000,001,060 | ---- | M] () -- C:\libSRTP_log.txt
[2011/10/04 08:50:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/20 08:20:06 | 3488,735,232 | -HS- | M] () -- C:\pagefile.sys
[2012/04/17 11:05:54 | 000,174,216 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_17.04.2012_11.03.01_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 12:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 12:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 12:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 12:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 05:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/05/16 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPDA5.DLL
[2010/05/16 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPPA5.DLL
[2009/07/14 09:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
[2009/07/14 09:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 20:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 12:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/25 08:10:02 | 000,000,221 | -HS- | M] () -- C:\Users\Cheung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2001/06/18 21:12:58 | 000,115,200 | ---- | M] (Adaptec) -- C:\Users\Cheung\Desktop\aspichk.exe
[2012/03/14 03:14:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Cheung\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Cheung\Desktop\boot_cleaner.exe
[2012/04/18 03:57:01 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\Cheung\Desktop\ComboFix2.exe
[2012/03/02 00:32:20 | 000,337,137 | ---- | M] () -- C:\Users\Cheung\Desktop\FSS.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Cheung\Desktop\gmer.exe
[2012/03/22 19:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Cheung\Desktop\OTL.exe
[2012/04/16 15:57:04 | 000,047,810 | ---- | M] () -- C:\Users\Cheung\Desktop\SecurityCheck.exe
[2010/07/18 12:46:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Cheung\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/04/20 09:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 11:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/04/20 09:42:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/20 10:18:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/19 10:21:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001Core.job
[2012/04/20 09:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1513340165-2315627287-2917529717-1001UA.job
[2012/04/20 08:20:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/04/19 09:26:14 | 000,032,640 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 05:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/10/04 22:03:17 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/10/04 22:03:17 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/09/01 10:36:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/09/01 10:36:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/16 09:48:29 | 000,000,402 | -HS- | M] () -- C:\Users\Cheung\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/08/27 11:33:09 | 000,000,395 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-17 10:23:52

< >
< End of report >

 

[NathanC]

OTL Extras logfile created on: 20/04/2012 10:10:46 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Cheung\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 24.56% Memory free
6.50 Gb Paging File | 3.65 Gb Available in Paging File | 56.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 419.99 Gb Total Space | 116.41 Gb Free Space | 27.72% Space Free | Partition Type: NTFS
Drive D: | 511.52 Gb Total Space | 134.98 Gb Free Space | 26.39% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 71.26 Gb Free Space | 15.30% Space Free | Partition Type: NTFS

Computer Name: CHEUNG-DESKTOP | User Name: Cheung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"['{F634E3D7-B968-497B-A888-685597C901F6}']" = Spectromancer: Truth and Beauty
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048696C5-327D-40C4-8721-4EFA1943E8B3}" = Megacloud
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{05CDC06E-4C55-4EAE-9401-8EF62F60CB69}" = Microsoft XNA Game Studio 4.0 Refresh (Visual Studio)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD62E62-BB98-358E-A807-819354016E05}" = Windows Phone Emulator - ENU
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{12B8E200-99CC-4203-A8D1-4145FC4D0192}" = Microsoft Expression Blend SDK for Windows Phone OS 7.1
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1976B721-8F15-4B86-92D2-725364AF8CE0}" = AUSkey software 1.4.0.3
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19DC7E0D-9703-4E1D-93D3-1FFF8176CDA9}" = Box for Office
"{1C08D214-A427-A092-0637-8DCE57275145}" = Shufflr
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1EFAF492-9A3B-48C3-9349-234B146FDA46}" = LCP 5.04
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07AA78-79DB-11E1-8313-984BE15F174E}" = Evernote v. 4.5.4
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{305948E4-AA03-C654-E587-EE9A17B4E78E}" = MangoApps Desktop
"{31F6B2A6-B951-4485-8841-787A6F117529}" = My Little Artist
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C147B6-35DF-467E-B720-2F1B2C7F47F1}" = SugarSync for Outlook
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
"{3F41BA46-09C3-4500-96D7-DC4390AD0124}" = Acrobat X Suite
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46757FE3-EF22-41BA-A359-2D6CEBC74805}" = Zune Lyrics
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{571F75D1-E004-5843-2DA6-12EF943D8B6C}" = Bubblins 2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5985DFB7-F04C-4EC5-820A-FD3C56E23A5B}" = OpenDrive
"{5B0E58BD-1F06-4A17-80FB-7C93C5FD039B}" = Lyrics Plugin for iTunes
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{6188052A-97FF-04EA-0480-A6A7FE9011D2}" = Deathrace
"{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{656458ED-DA77-4C82-AF2F-1640C191A2A7}" = Microsoft Advertising SDK for Windows Phone - ENU
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69B6B9E1-A5DF-3177-2B1D-3B672F29EF86}" = Adobe Captivate Quiz Results Analyzer
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6A7387C0-B74F-47D0-A217-B384E55FE0C9}" = Microsoft XNA Game Studio 4.0 Refresh (Redists)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F33C2E2-5E02-4344-90BC-ED55C48341D2}" = WCF Data Services SDK for Windows Phone
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786D445C-F3D7-35D2-81AA-60DB61F9F552}" = Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7BB7C284-EBBF-4FBA-9EA9-D277CF94FADD}" = Bubble Breaker
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{8432FFD1-6F4D-F9B8-D641-5932E60359A2}" = Adobe Captivate Reviewer
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89690B51-2E21-4E93-914E-F9CAC5B24A84}" = Microsoft XNA Game Studio Platform Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97F2E8BE-3018-47D2-BC2D-F0B5E92D1BF3}" = Motorola Mobile Drivers Installation 5.5.0
"{981ED060-4769-42D2-99E9-0AC130A87CCF}" = MAGIX Movie Edit Pro 17 Plus Download Version
"{991B1E79-12B6-40C3-A081-1FC47C6F2F37}" = Bulk Rename Utility 2, 6, 1, 0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9B98010C-A6E2-40D4-A69D-7EA024EAEC79}" = e-Sword
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}" = Windows Phone SDK 7.1 Assemblies
"{9F85A54D-80D8-5D77-890B-005DF68F0960}" = Poxxle
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A240191E-4302-435E-86FC-A5717EF0CF38}" = Microsoft XNA Game Studio 4.0 Refresh (Shared Components)
"{A28ADD27-FD54-4EB1-ABEB-F41428070DC3}" = Fiabee Sync
"{A4CC18F6-DB05-4B03-B724-4128322FA85F}" = Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A721BC43-E63E-3531-B1BF-6A405F9530BD}" = Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A876DDA6-52A9-41FB-B915-A36105ADD14F}" = Bubble Ball Lite
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine
"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC26EB1A-8E6D-4DD5-90B7-316C9E73040C}" = MAGIX Screenshare
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF5D5054-34F7-4A22-3594-29FF1D025029}_is1" = IHF Handball Challenge 12
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{DB953761-E0BF-46C1-A3A3-1584B203C30A}" = DeVeDe
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDCB60A8-AED5-4AF5-A1C3-57664BDA703A}" = Joukuu Lite
"{EE3A5B79-C147-4BD9-952A-E894298C2ACA}" = Microsoft XNA Game Studio 4.0 Refresh (ARP entry)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF62AEFF-5588-44A0-BC68-5A4D2B4ECE3B}" = MAGIX Speed burnR (MSI)
"{EFBBD030-48F0-43B3-A8AD-789894DAD0B5}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF7DD5BE-42FF-44B8-AF36-4A46CD2C6D42}" = AUSkey software 1.4.0.6
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"AC3Filter_is1" = AC3Filter 1.63b
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Presenter 7" = Adobe Presenter 7
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Reviewer
"Akamai" = Akamai NetSession Interface Service
"Avi2Dvd" = Avi2Dvd 0.6.1
"AviSynth" = AviSynth 2.5
"Blend_4.0.30816.0" = Microsoft Expression Blend 4
"BurnAware Free_is1" = BurnAware Free 4.2
"Business-in-a-Box" = Business-in-a-Box
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.littlebigplay.bubblins2.none" = Bubblins 2
"com.oceanbreezegames.poxxle.none" = Poxxle
"com.terrypaton.deathrace.none" = Deathrace
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"doPDF 7 printer_is1" = doPDF 7.2 printer
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.1.2 (08/08/2011) Qt
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Ekiga" = Ekiga (remove only)
"Engage.30494F64709E2F035F2CF77E15FD7FCC2DF52FFE.1" = MangoApps Desktop
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader 5.1
"Free ISO Create Wizard_is1" = Free ISO Create Wizard 4.3.9
"FreeOnlineRadioPlayerRecorder Toolbar" = FreeOnlineRadioPlayerRecorder Toolbar
"gobox" = GoBox
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome Frame" = Google Chrome Frame
"Google Updater" = Google Updater
"Google Video Uploader" = Google Video Uploader
"GTK2-Runtime" = GTK2-Runtime
"HaaliMkx" = Haali Media Splitter
"HotspotShield" = Hotspot Shield 2.06
"IDriveSync_is1" = IDriveSync version 1.0.1 November 18, 2011
"ImgBurn" = ImgBurn
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"Intel AppUp(SM) center 18988" = Intel AppUp(SM) center
"Jello.Dashboard" = Jello.Dashboard 5.25 beta (Astral)
"jZip" = jZip
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LinkedIn Internet Explorer Toolbar" = LinkedIn Internet Explorer Toolbar
"MAGIX_MSI_Videodeluxe17_plus" = MAGIX Movie Edit Pro 17 Plus Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MFG Trader" = MFG Trader
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU" = Windows Phone SDK 7.1 - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
"MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2
"Mp3tag" = Mp3tag v2.49
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NoteBurner_is1" = NoteBurner 2.35
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"OpenAL" = OpenAL
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"Orbit_is1" = Orbit Downloader
"PFPortChecker" = PFPortChecker 1.0.39
"Picasa 3" = Picasa 3
"Portforward Static IP Address" = Portforward Static IP Address 1.0.47
"Qlock" = Qlock Lite
"QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Quiz Results Analyzer
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.386
"RealPlayer 15.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"shufflr.B44416D205F9BE523726716C5EA9F9A53D22DAAF.1" = Shufflr
"Smart Defrag 2_is1" = Smart Defrag 2
"SugarSync" = SugarSync Manager
"theSkyNet" = theSkyNet
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TuneUpMedia" = TuneUp Companion 2.1.1
"TwInbox" = TwInbox (remove only)
"Unlocker" = Unlocker 1.9.1
"webmmf" = WebM Media Foundation Components
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
"xampp" = XAMPP 1.7.7
"X-Lite 1.5_is1" = X-Lite 3.0
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0 Refresh
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1513340165-2315627287-2917529717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"229ac04bff1f5679" = Cool Remote Server
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Dulux MyColour4" = Dulux MyColour4
"MegaCloud" = MegaCloud
"Wuala" = Wuala

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GVCplDrv.dll -- (vsdatant)
  DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ujpmglgd.sys -- (ujpmglgd)
  IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
  IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
  IE - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;127.0.0.1:9421;<local>
  O3 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
  O4 - HKU\S-1-5-21-1513340165-2315627287-2917529717-1001..\Run: [AdobeBridge] File not found
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

============================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[NathanC]

.

 

[NathanC]

.

 

[NathanC]

All processes killed
========== OTL ==========
Service vsdatant stopped successfully!
Service vsdatant deleted successfully!
File %systemroot%\system32\GVCplDrv.dll not found.
Service ujpmglgd stopped successfully!
Service ujpmglgd deleted successfully!
File C:\Windows\system32\drivers\ujpmglgd.sys not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1513340165-2315627287-2917529717-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cheung
->Temp folder emptied: 24889129 bytes
->Temporary Internet Files folder emptied: 210648960 bytes
->Java cache emptied: 4172185 bytes
->FireFox cache emptied: 3206483 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 148045 bytes

User: cheunnat
->Temp folder emptied: 0 bytes

User: DB
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dropbox1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 301747 bytes
->Flash cache emptied: 56924 bytes

User: Dropbox2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 299611 bytes
->Flash cache emptied: 56468 bytes

User: Nathan Cheung
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 232802 bytes
RecycleBin emptied: 13724664 bytes

Total Files Cleaned = 247.00 mb


[EMPTYJAVA]

User: All Users

User: Cheung
->Java cache emptied: 0 bytes

User: cheunnat

User: DB

User: Default

User: Default User

User: Dropbox1

User: Dropbox2

User: Nathan Cheung

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Cheung
->Flash cache emptied: 0 bytes

User: cheunnat

User: DB

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dropbox1
->Flash cache emptied: 0 bytes

User: Dropbox2
->Flash cache emptied: 0 bytes

User: Nathan Cheung

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04202012_121055
Files\Folders moved on Reboot...
C:\Users\Cheung\AppData\Local\Temp\hsperfdata_Cheung\5060 moved successfully.
C:\Users\Cheung\AppData\Local\Temp\boost_interprocess\mtx moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YPEFF6BY\dpsync[1].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YPEFF6BY\up[2].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M14V1TEX\dpsync[2].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M14V1TEX\PugTracker[1].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCTIBY1H\dpsync[1].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCTIBY1H\fastbutton[4].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCTIBY1H\page-2[1].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCTIBY1H\tweet_button.1334389481[1].htm moved successfully.
File\Folder C:\Windows\temp\hsperfdata_CHEUNG-DESKTOP$\3392 not found!
Registry entries deleted on Reboot...

 

[NathanC]

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Microsoft Security Essentials
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
TuneUp Companion 2.1.1
Java(TM) 6 Update 29
Java(TM) 7 Update 3
Out of date Java installed!
Adobe Flash Player 11.3.300.214
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

 

[NathanC]

Farbar Service Scanner Version: 16-04-2012
Ran by Cheung (administrator) on 20-04-2012 at 12:27:59
Running from "C:\Users\Cheung\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

 

[NathanC]

C:\downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Program Files\Common Files\Wise Installation Wizard\WIS1EFAF4929A3B48C39349234B146FDA46_5_0_4.MSI probably a variant of Win32/Agent.GELFBUE trojan deleted - quarantined
C:\TDSSKiller_Quarantine\17.04.2012_11.03.02\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Users\Cheung\Documents\Downloads\360amigofreesetup.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined
C:\Users\Cheung\Documents\New Folder\NATHCORSAIR (F)\fsSetup129.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Windows\Installer\133c6e3c.msi probably a variant of Win32/Agent.GELFBUE trojan deleted - quarantined
C:\Windows.old\Documents and Settings\Cheung\AppData\Local\Application Data\Temp\zbGNjNrjvOief6.exe a variant of Win32/Injector.HGV trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Cheung\Downloads\Microsoft Office Professional Plus 2010 Activated Forever\Office_2010_Professional_Plus_Activated_Forever.iso:load.vbs VBS/Kryptik.D trojan cleaned by deleting - quarantined
D:\Documents and Settings\Nathan Cheung\My Documents\Downloads\360amigofreesetup.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined
D:\downloads\cnet2_ashampoo_burning_studio_6_free_6_80_4312_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\downloads\jZipV1.exe Win32/Toolbar.SearchSuite application deleted - quarantined
D:\downloads\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
D:\downloads\Downloads\Downloads\dupsweep.exe Win32/Adware.ErrorRepairPro application deleted - quarantined
D:\downloads\Downloads\Downloads\SkipScreen-Setup.exe Win32/Toolbar.Zugo application deleted - quarantined
D:\downloads\Downloads\Programs\Nero-8.3.6.0_eng_update.exe Win32/Toolbar.AskSBar application deleted - quarantined
D:\downloads\Downloads\Programs\RegistryGenius.com_Setup.exe Win32/Adware.RegistryGreat application deleted - quarantined
D:\downloads\Downloads\Programs\Password Programs\ariskkey.exe probably a variant of Win32/Agent.CKOPODK trojan deleted - quarantined
D:\downloads\MEP17\Install\Content.exe a variant of Win32/Packed.ZipMonster.A application cleaned by deleting - quarantined
D:\External\Programs\RegistryGenius.com_Setup.exe Win32/Adware.RegistryGreat application deleted - quarantined
D:\External\Programs\Password Programs\ariskkey.exe probably a variant of Win32/Agent.CKOPODK trojan deleted - quarantined
D:\External\Yakka Notebook\Portable Apps\Documents\downloads\fsSetup129.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
D:\Program Files\360Amigo\Uninstall.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined
D:\Program Files\Nero\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application deleted - quarantined
D:\Samsung\BackUp\Nathan Cheung@CHEUNG\#DOC\Downloads\360amigofreesetup.exe probably a variant of Win32/360Amigo application cleaned by deleting - quarantined
E:\Downloaded Torrents\ACTIVATOR.exe Win32/HackKMS.A application deleted - quarantined
E:\Software\password-folder-setup-beta.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
E:\Software\SoftonicDownloader_for_excalibur.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
E:\Software\SoftonicDownloader_for_hdd-health.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
E:\Software\windows.7.codec.pack.v2.8.0.setup.exe multiple threats deleted - quarantined

 

[NathanC]

Over 10 hours for that scan!!!!

;-)

 

[Broni]

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

================================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[NathanC]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cheung
->Temp folder emptied: 129802162 bytes
->Temporary Internet Files folder emptied: 193543056 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 64021 bytes

User: cheunnat
->Temp folder emptied: 0 bytes

User: DB
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dropbox1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dropbox2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nathan Cheung
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87822 bytes
RecycleBin emptied: 33059380 bytes

Total Files Cleaned = 340.00 mb


[EMPTYFLASH]

User: All Users

User: Cheung
->Flash cache emptied: 0 bytes

User: cheunnat

User: DB

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dropbox1
->Flash cache emptied: 0 bytes

User: Dropbox2
->Flash cache emptied: 0 bytes

User: Nathan Cheung

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Cheung
->Java cache emptied: 0 bytes

User: cheunnat

User: DB

User: Default

User: Default User

User: Dropbox1

User: Dropbox2

User: Nathan Cheung

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04232012_141832
Files\Folders moved on Reboot...
C:\Users\Cheung\AppData\Local\Temp\boost_interprocess\mtx moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4BRNYX3\fastbutton[1].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4BRNYX3\like[7].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4BRNYX3\tweet_button.1334389481[1].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4BRNYX3\xd_arbiter[2].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBR70FWQ\PugTracker[2].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0UW2QID\dpsync[1].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0UW2QID\dpsync[2].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0UW2QID\page-3[1].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0UW2QID\up[1].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFTU52ON\dpsync[1].htm moved successfully.
C:\Users\Cheung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFTU52ON\xd_arbiter[2].htm moved successfully.
File\Folder C:\Windows\temp\hsperfdata_CHEUNG-DESKTOP$\2568 not found!
Registry entries deleted on Reboot...

 

[NathanC]

after deleting old version of java i get error on startup saying java VM wouldn't start

 

[NathanC]

Actual Message is "Could not find Java VM"

 

[Broni]

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:

Attach the file to your next reply.

 

[NathanC]

Autoruns Attached

 

[Broni]

It must be coming from one of your startups.
I can't see right away which one it could be.

See if you have same error in Safe Mode.