Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TR/Agent. AKB.2 virus, Adserverplus popup problem

Started by AshiyaYuki , Jul 19 2012 08:30 AM

  • Please log in to reply

#1
AshiyaYuki
Posted 19 July 2012 - 08:30 AM

AshiyaYuki

    New Member

  • Member
  • Pip
  • 5 posts
Hi,

I'm new to this forum and i'm currently having this problem with adserverplus, ad.yieldmanager ad.doubleclick.net popups. They always appear when i'm using firefox, chrome and IE. i have done some research and found that it is the TR/Agent.AKB.2 virus. I'm also not very good with computers so i might need more help :( And recently i noticed a lot of desktop.ini and album art appearing in almost all of my folders. Is it a virus?

OTL. Txt:
Attached File  OTL.Txt   185.06KB   136 downloads


Thank you. :)

OTL logfile created on: 19/7/2012 9:22:20 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

2.93 Gb Total Physical Memory | 0.34 Gb Available Physical Memory | 11.59% Memory free
5.85 Gb Paging File | 2.53 Gb Available in Paging File | 43.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 8.93 Gb Free Space | 14.89% Space Free | Partition Type: NTFS
Drive D: | 405.47 Gb Total Space | 248.29 Gb Free Space | 61.24% Space Free | Partition Type: NTFS

Computer Name: RP104246 | User Name: 104246 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 21:21:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL (1).exe
PRC - [2012/07/11 19:17:57 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/11 19:17:54 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/05/15 09:31:30 | 003,598,064 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\Funshion.exe
PRC - [2012/05/15 09:24:30 | 001,763,056 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\FunshionService.exe
PRC - [2012/05/10 00:53:46 | 000,201,112 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/05/04 13:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/05/04 13:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/05/04 13:36:58 | 000,955,792 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\KiesHelper.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/05/01 14:02:14 | 000,695,296 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe
PRC - [2012/05/01 14:02:12 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/11 16:11:58 | 005,153,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/11/17 12:00:06 | 002,221,712 | ---- | M] (AdFender, Inc.) -- C:\Program Files\AdFender\AdFender.exe
PRC - [2011/07/21 18:10:24 | 000,177,456 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files\BrowserCompanion\BCHelper.exe
PRC - [2011/06/24 12:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/13 18:43:28 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2011/06/13 18:43:28 | 000,804,128 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2011/06/13 18:43:28 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2011/03/24 15:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/05 22:23:48 | 000,222,568 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/04 13:06:57 | 000,520,192 | ---- | M] (Republic Polytechnic) -- C:\Program Files\Republic Poly\UTClient\UTAgent.exe
PRC - [2010/05/27 17:02:48 | 000,796,592 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
PRC - [2010/01/18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/01/15 20:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/06 03:12:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2009/12/21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/12/11 12:22:06 | 000,255,336 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/12/11 12:22:04 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/12/11 11:58:56 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/12/03 17:44:42 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/09 13:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/10/23 15:55:28 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/23 15:55:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/23 15:55:26 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/10/23 15:55:26 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/10/23 15:55:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/10/20 20:32:00 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009/10/20 20:26:50 | 001,701,112 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009/10/19 17:18:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/10/01 18:08:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 18:08:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/10/01 18:08:38 | 001,098,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2009/10/01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/09/25 16:11:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/07 05:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/30 15:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2007/04/13 02:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2006/12/09 19:04:10 | 000,128,832 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
PRC - [2006/12/09 19:04:10 | 000,117,568 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/11 19:17:58 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/11 19:17:54 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/07/10 12:09:00 | 000,438,296 | ---- | M] () -- C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
MOD - [2012/07/10 12:08:59 | 003,972,120 | ---- | M] () -- C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 12:07:39 | 000,554,520 | ---- | M] () -- C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 12:07:37 | 000,117,784 | ---- | M] () -- C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 12:07:22 | 000,140,328 | ---- | M] () -- C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 12:07:21 | 000,262,184 | ---- | M] () -- C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 12:07:19 | 002,386,984 | ---- | M] () -- C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/10 10:17:27 | 009,255,112 | ---- | M] () -- C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/07/10 10:17:27 | 009,255,112 | ---- | M] () -- C:\Users\104246\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll
MOD - [2012/05/25 16:31:37 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\7dfba5d1d4bb05f6e4ea95ffa0f359a9\System.Core.ni.dll
MOD - [2012/05/25 16:31:09 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\96c67054741c79ebccb7c67c3468a8c5\System.Management.ni.dll
MOD - [2012/05/25 15:55:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96a5c5331595b2dbc3a891ad1249e519\PresentationFramework.Aero.ni.dll
MOD - [2012/05/25 15:55:52 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c3f6bab61bd342ff9dc18100d78ab48a\System.ServiceProcess.ni.dll
MOD - [2012/05/25 15:55:33 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f8df897f1f57d1cf6f9fe821df6573c5\System.Web.Services.ni.dll
MOD - [2012/05/25 15:55:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\12dc22db56f7933e84654ecc590beba5\System.Runtime.Remoting.ni.dll
MOD - [2012/05/25 15:55:12 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a6f0833352aeeafae3a5dad61536052e\System.EnterpriseServices.ni.dll
MOD - [2012/05/25 15:55:10 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\1f41bf39928a680d56621d083cf02348\System.Transactions.ni.dll
MOD - [2012/05/25 15:55:09 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\4e26c6b80e18c10fd21607868d6f10cd\System.Data.ni.dll
MOD - [2012/05/25 15:54:38 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\898d81e6d776766e95f1da4e384b7c01\PresentationFramework.ni.dll
MOD - [2012/05/25 15:34:40 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\dc15a932ab494a57e7a8c4b424722c03\System.Windows.Forms.ni.dll
MOD - [2012/05/25 15:34:22 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\963f4a8ee1733775937bbd02da14ce44\System.Drawing.ni.dll
MOD - [2012/05/25 15:34:13 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e62f726d03a358af0ce24a70e31aaaa8\PresentationCore.ni.dll
MOD - [2012/05/25 15:33:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5b10c18a074132f1ae4a86d860cf9615\WindowsBase.ni.dll
MOD - [2012/05/25 15:33:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb0e4de1afd3f2efbbf39a5e39f646a\System.Xml.ni.dll
MOD - [2012/05/25 15:33:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2a5cbab122112cd4291b684e67460c16\System.Configuration.ni.dll
MOD - [2012/05/25 15:33:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9447bd5b21a91081d4275b4c4401b1f9\System.ni.dll
MOD - [2012/05/25 15:33:01 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2ab531f4915cccb998c4e852fb7efd00\mscorlib.ni.dll
MOD - [2012/05/18 14:26:51 | 000,115,137 | ---- | M] () -- C:\Users\104246\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
MOD - [2012/05/15 09:21:32 | 000,169,200 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\ptv.dll
MOD - [2012/05/15 09:21:22 | 000,287,472 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\lsv.dll
MOD - [2012/05/15 09:21:20 | 000,288,496 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\agentd.dll
MOD - [2012/05/15 09:20:52 | 000,238,080 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\ttv.dll
MOD - [2012/05/15 09:20:08 | 000,285,936 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\gma.dll
MOD - [2012/05/15 09:20:04 | 000,306,416 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\dump.dll
MOD - [2012/05/04 13:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/05/02 17:33:40 | 000,649,640 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012/05/02 17:33:40 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012/05/02 17:33:38 | 000,537,000 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012/05/02 17:33:38 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2012/05/02 17:21:26 | 000,080,384 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FileService.dll
MOD - [2012/05/02 08:50:38 | 000,012,800 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.dll
MOD - [2012/05/02 08:50:02 | 014,187,008 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012/05/02 08:49:20 | 000,514,560 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012/05/02 08:49:10 | 000,034,304 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012/05/02 08:48:26 | 000,022,528 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012/05/01 14:02:56 | 000,048,128 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll
MOD - [2012/05/01 14:01:48 | 000,720,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\LDBCShConv.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/13 18:43:40 | 000,132,384 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2011/01/04 16:11:26 | 000,839,680 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\System.Data.SQLite.dll
MOD - [2011/01/04 16:11:24 | 000,126,976 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\DNSe.dll
MOD - [2011/01/04 16:11:16 | 000,712,704 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll
MOD - [2011/01/04 16:11:14 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\drmcm.dll
MOD - [2010/11/29 04:34:18 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/11/05 09:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/06 03:12:00 | 000,033,280 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/07/14 09:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/06/11 05:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2006/09/10 22:04:12 | 000,188,416 | ---- | M] () -- C:\Program Files\Republic Poly\UTClient\utenc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/07/13 00:08:58 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 19:17:57 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/19 17:57:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/06/13 18:43:28 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/01/05 22:23:48 | 000,222,568 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/03/09 17:21:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/01/15 20:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/06 03:12:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/01/06 03:12:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/12/11 12:22:06 | 000,255,336 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/12/11 12:22:04 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/11/17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/11/09 13:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV - [2009/10/23 15:55:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/23 15:55:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/23 15:55:26 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/10/23 15:55:26 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/23 15:55:26 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/10/20 20:32:00 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/10/20 20:31:52 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/10/20 20:26:50 | 001,701,112 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/10/19 17:18:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/10/01 18:08:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/01 18:08:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/25 16:11:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/08/04 21:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/04/29 11:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007/04/13 02:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/12/09 19:04:10 | 000,128,832 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -- (FwcAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Disabled | Stop_Pending] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012/07/11 18:13:38 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120718.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/07/11 18:13:38 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120718.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/30 16:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/30 16:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/12/19 12:44:24 | 000,223,864 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/12/19 12:44:24 | 000,072,312 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/10/17 20:52:29 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2011/09/30 12:17:24 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/06/02 13:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 13:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/06/02 13:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/01/05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/12/21 13:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 13:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 13:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/05 03:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/03/15 15:48:51 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/22 21:14:48 | 000,485,944 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/01/06 03:12:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2010/01/06 03:12:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/12/14 17:07:32 | 000,127,232 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2009/12/10 09:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/12/02 11:37:25 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/20 18:12:52 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{C4B36920-79E24793-06000000}_0)
DRV - [2009/10/30 06:55:30 | 000,209,920 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2009/10/26 12:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/23 15:55:28 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/23 15:55:28 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/23 15:55:28 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/23 15:55:24 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/10/23 15:55:24 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009/10/23 15:55:24 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/10/13 17:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/10/09 12:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009/10/09 12:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/09/15 12:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/07/14 07:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 06:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 06:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 06:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 17:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009/04/29 11:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/12/15 13:57:00 | 000,023,416 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisrd.sys -- (Ndisrd)
DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007/04/20 10:44:10 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/13 02:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/04/02 14:55:48 | 000,021,888 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtmserusb.sys -- (GTMSERUSB)
DRV - [2007/03/28 09:59:04 | 000,036,992 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuqbus.sys -- (GTUQBUS)
DRV - [2007/03/28 09:59:02 | 000,024,704 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\g3gruser.sys -- (G3GRUSER)
DRV - [2007/03/28 09:59:02 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/03/28 09:59:00 | 000,166,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/03/28 09:59:00 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/03/28 09:59:00 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/03/28 09:59:00 | 000,077,952 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelser.sys -- (NWDellPort)
DRV - [2007/03/28 09:58:58 | 000,020,480 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swivspnt.sys -- (swivsp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1060933

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myrp.sg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = http://plusnetwork.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGLL_enSG379
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-07-11 19:18:03&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...shion010_oem_dg
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ISA-Firewall.rp.sg:8080

========== FireFox ==========

FF - prefs.js..CT1060933.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Plus! Network"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.6
FF - prefs.js..extensions.enabledItems: {7A074BE0-2326-436d-B473-029FAEBEB5C6}:1.1.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://isearch.avg.c...8:03&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files\Baidu\BaiduPlayer\1.14.0.101\npxbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\104246\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\104246\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/11 19:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/11 19:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/26 22:56:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/25 16:45:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/26 22:56:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/25 16:45:41 | 000,000,000 | ---D | M]

[2010/12/23 16:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\104246\AppData\Roaming\mozilla\Extensions
[2012/07/16 23:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\104246\AppData\Roaming\mozilla\Firefox\Profiles\e92le98s.default\extensions
[2012/07/16 23:28:46 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\104246\AppData\Roaming\mozilla\Firefox\Profiles\e92le98s.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/09/30 18:22:18 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\104246\AppData\Roaming\mozilla\Firefox\Profiles\e92le98s.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011/02/05 22:41:29 | 000,000,000 | ---D | M] (Tab Saver!) -- C:\Users\104246\AppData\Roaming\mozilla\Firefox\Profiles\e92le98s.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2012/06/26 22:56:27 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\104246\AppData\Roaming\mozilla\Firefox\Profiles\e92le98s.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/02/22 10:09:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\104246\AppData\Roaming\mozilla\Firefox\Profiles\e92le98s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/04/12 21:39:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\104246\AppData\Roaming\mozilla\Firefox\Profiles\e92le98s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/27 14:37:21 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\104246\AppData\Roaming\mozilla\Firefox\Profiles\e92le98s.default\extensions\[email protected]
[2012/06/26 22:32:46 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\104246\AppData\Roaming\mozilla\Firefox\Profiles\e92le98s.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/05/06 20:06:14 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\104246\AppData\Roaming\mozilla\Firefox\Profiles\e92le98s.default\extensions\[email protected]
[2012/07/16 23:30:31 | 000,000,875 | ---- | M] () -- C:\Users\104246\AppData\Roaming\Mozilla\Firefox\Profiles\e92le98s.default\searchplugins\conduit.xml
[2012/01/03 16:05:40 | 000,002,770 | ---- | M] () -- C:\Users\104246\AppData\Roaming\Mozilla\Firefox\Profiles\e92le98s.default\searchplugins\Plusnetwork.xml
[2012/04/04 10:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/11 19:16:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/11 19:18:21 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2011/10/29 17:56:16 | 000,016,192 | ---- | M] () (No name found) -- C:\USERS\104246\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E92LE98S.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}.XPI
[2012/06/23 23:46:59 | 000,065,379 | ---- | M] () (No name found) -- C:\USERS\104246\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E92LE98S.DEFAULT\EXTENSIONS\[email protected]
[2012/06/19 17:57:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/19 16:55:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/10 01:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/07/11 19:17:51 | 000,003,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/19 17:57:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/19 17:57:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\104246\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\104246\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
CHR - plugin: AhnLab MyKeyDefense 2.5 (Enabled) = C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
CHR - plugin: BaiduPlayer Browser Plugin (Enabled) = C:\Program Files\Baidu\BaiduPlayer\1.14.0.101\npxbdyy.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\104246\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - Extension: Complitly plugin for chrome = C:\Users\104246\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\
CHR - Extension: Untitled = C:\Users\104246\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfofcdjmmfcipljgbipjojobibknmfhc\1.0_1\
CHR - Extension: AVG Do Not Track = C:\Users\104246\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: My Chrome Theme = C:\Users\104246\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\1.1.0_0\

O1 HOSTS File: ([2010/03/09 15:52:10 | 000,380,343 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 13101 more lines...
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - No CLSID value found.
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\104246\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\tb4sha.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Funshion] C:\Program Files\Funshion Online\Funshion\Funshion.exe (Funshion Online Technologies Ltd.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [YY] C:\Program Files\duowan\yy-2.0\yylauncher.exe (廣州多玩資訊技術有限公司)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\104246\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\104246\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: media.rp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: myrp.edu.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: myrp.rp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: myrp.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rp.edu.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: rp.sg ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9C10BBDE-0A29-4372-929C-3E1453EC8BAB} http://musicplayer.s...kage/p3init.cab (p3init1 Class)
O16 - DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx (Launch Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} http://antivirus.rp....ent/webinst.cab (WebBasedClientInstall Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5B46C35-C760-4E1B-AF0E-25AF07400610}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF774002-B12F-45AA-B1A3-5921E1614725}: DhcpNameServer = 10.60.20.9 10.60.20.10
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Program Files\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)
O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\DataMngr\datamngr.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16b17934-bbb2-11df-8a05-c417feecd537}\Shell - "" = AutoRun
O33 - MountPoints2\{16b17934-bbb2-11df-8a05-c417feecd537}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{6c47b8c1-f9f2-11e0-9e4c-c417feecd537}\Shell - "" = AutoRun
O33 - MountPoints2\{6c47b8c1-f9f2-11e0-9e4c-c417feecd537}\Shell\AutoRun\command - "" = G:\HPLauncher.exe
O33 - MountPoints2\{8bc80f7b-05b6-11e1-8b9e-c417feecd537}\Shell - "" = AutoRun
O33 - MountPoints2\{8bc80f7b-05b6-11e1-8b9e-c417feecd537}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{bd45a2db-b411-11e0-9d66-c417feecd537}\Shell - "" = AutoRun
O33 - MountPoints2\{bd45a2db-b411-11e0-9d66-c417feecd537}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{29F01997-B3D8-406D-8042-7B5E9C255859}
[2012/07/19 21:12:43 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{E9713D17-398B-4A5B-90EE-1E9C294CE9ED}
[2012/07/19 19:30:35 | 000,000,000 | ---D | C] -- C:\Users\104246\Desktop\All Pictures
[2012/07/19 19:16:56 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{CAD93F6C-C431-48FF-99BF-AD93F73C79BC}
[2012/07/19 19:15:18 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{571AEDBA-096D-4404-951D-5E2BD96E5202}
[2012/07/19 18:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/17 23:12:31 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{2F0B0ACB-3882-4880-A3E7-01F23ACE0EC2}
[2012/07/17 23:12:15 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{6EFC96D3-810C-450F-BD68-4E2E17AF698C}
[2012/07/16 23:12:40 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{01569546-ED87-46B3-A7A1-4ACEEA83C88A}
[2012/07/16 23:12:13 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{F12A85F5-7A46-41C4-ACB0-CFB8B22D2D5A}
[2012/07/16 10:47:50 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{AD400295-A3AF-454F-A8DE-E73303EEB828}
[2012/07/16 10:46:21 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{D7BF70B2-F9C8-4F72-BF42-92398822E2EC}
[2012/07/14 09:17:15 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{F28A34A9-D908-4F06-A72A-32999F64B1B6}
[2012/07/14 09:16:58 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{854A4010-1891-4D3C-9EF3-46A25D7F16DF}
[2012/07/12 23:05:30 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{A4BA0A76-96C1-4B24-80D5-772C045F55E2}
[2012/07/12 23:05:13 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{2ADDAF11-1931-4E11-90A0-3E6FD4D34B3C}
[2012/07/12 10:57:32 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{E6B732BC-9469-4334-A273-4B93A49DA9C0}
[2012/07/12 10:57:11 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{333689DE-0AE7-491E-8160-F874E372FF50}
[2012/07/12 10:03:40 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{0E160A22-632D-4FFE-B467-189FF9379AD5}
[2012/07/11 19:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/11 17:54:43 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{F7986898-8948-4358-A8D4-441AF190253B}
[2012/07/11 17:54:31 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{6561ABB4-461D-4579-9EB1-933CC68D1DE2}
[2012/07/08 12:55:40 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{068ABA4C-5561-4B46-9B2B-23C4E95456DF}
[2012/07/08 12:55:21 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{43C9011C-C2CD-41EA-ADFB-58752F1332DB}
[2012/07/05 23:21:18 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{0453076C-57B9-4E1E-BBC5-230ECA873442}
[2012/07/05 23:21:00 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{457A60C6-895E-4615-A416-6D5B930DC38F}
[2012/07/04 21:03:47 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{FF117B47-2636-49B7-B9C5-165D2C4958C2}
[2012/07/04 21:03:28 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{03D6C41B-0D2B-407D-921F-2A4A3DA04528}
[2012/07/03 23:22:05 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{EC9BE4D6-1B22-4367-967B-888A212AEEF1}
[2012/07/03 23:21:51 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{3B28A990-E426-486A-AF5A-F26C4442BFDF}
[2012/07/02 20:53:53 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{3A9B68D2-A02F-4384-81D4-208B70530552}
[2012/07/02 20:53:37 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{F7110C4A-2E6A-4B57-B661-E5F451E130EB}
[2012/07/01 21:12:30 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{568E87A7-E1AB-42B6-9184-5E0F95C4606A}
[2012/07/01 21:12:15 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{FA0A27A6-05A4-47A1-A325-8CDF725BCB42}
[2012/06/30 14:43:37 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{D0CD8E25-3788-4051-BECF-FD35EB3D18E8}
[2012/06/30 14:43:15 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{2AD3D7C1-9D5E-44FD-84B5-7C924F35E17B}
[2012/06/29 21:14:01 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{D2B5F9FC-7A39-4912-911E-055128AAD5F8}
[2012/06/29 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{80C6B0BC-502F-40FB-BAC5-DEFFC42DF952}
[2012/06/28 21:22:44 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{CD92B229-1949-4963-BC49-5C99C12CEC7F}
[2012/06/28 21:22:15 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{89DBB5B6-697B-45EF-B4A8-31532B8043B3}
[2012/06/27 23:02:07 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{1B48193E-BE61-4F57-BED8-379D4E7EDC05}
[2012/06/27 23:01:45 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{6B1FEF40-36FE-401C-AF84-4C99D7FFE044}
[2012/06/26 22:56:43 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\adawarebp
[2012/06/26 22:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/06/26 22:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/06/26 22:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/06/26 22:36:14 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
[2012/06/26 22:35:27 | 000,223,864 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SbFw.sys
[2012/06/26 22:35:27 | 000,094,584 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SbFwIm.sys
[2012/06/26 22:35:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012/06/26 22:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/06/26 22:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/06/26 22:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/06/26 22:29:24 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Roaming\Ad-Aware Antivirus
[2012/06/26 12:02:08 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{4CE82543-F591-443C-9A87-C4B337BBC33E}
[2012/06/26 12:01:23 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{E0D123AB-BC72-40F4-B9A7-E34C7A3698D2}
[2012/06/25 23:08:14 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{EC0E8EC2-8733-4B05-97DC-4EBD87C34721}
[2012/06/25 23:08:02 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{196E61F0-24BF-42B0-B476-CC2E1AE381AC}
[2012/06/24 23:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BaiduPlayer
[2012/06/24 23:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu
[2012/06/24 22:32:28 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Roaming\Baidu
[2012/06/24 22:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2012/06/24 21:52:55 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{6D6977BB-B2F8-4260-88E1-482BBFCC2874}
[2012/06/24 21:52:41 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{1FB6D2E0-CFF7-4A17-BC6F-7520AEB0B201}
[2012/06/23 22:53:17 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{7DB12A52-7FE6-43ED-9A84-FD926B229006}
[2012/06/23 22:52:39 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{D0579810-9395-4758-8A4D-AEFE67AE7C3C}
[2012/06/22 11:37:29 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{E15D7684-4E2D-4A36-B752-6F5E23DA6BA8}
[2012/06/22 11:36:57 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{DF6AAC55-CA08-4FA7-9AE1-6EFDE198F548}
[2012/06/22 11:24:29 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{7260C5E8-A6E2-4866-AAA3-B9E68579D44B}
[2012/06/22 11:24:09 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{C54747FF-04DA-4084-B0F3-6FB3170C4F2B}
[2012/06/21 20:33:37 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{BE3C4B6F-5DA7-409A-9FCC-852C47BE7B3B}
[2012/06/21 20:33:19 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{0A7FB47D-465B-42B0-BFF9-A0804C977EE1}
[2012/06/20 20:49:27 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{2D018069-A6EF-4824-8059-48E9C2A543C9}
[2012/06/20 20:49:06 | 000,000,000 | ---D | C] -- C:\Users\104246\AppData\Local\{D78867EB-CB01-4A9C-8DC2-4E32B1F1DED8}

========== Files - Modified Within 30 Days ==========

[2012/07/19 22:08:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/19 22:00:12 | 000,005,164 | ---- | M] () -- C:\Users\104246\funshion.ini
[2012/07/19 21:33:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/19 21:20:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1801674531-725345543-269598UA.job
[2012/07/19 21:12:32 | 000,000,911 | ---- | M] () -- C:\Users\104246\AppData\Roaming\coreavc.ini
[2012/07/19 21:10:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/19 21:02:26 | 000,020,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/19 21:02:26 | 000,020,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/19 20:55:06 | 000,000,497 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/07/19 20:53:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/19 20:53:48 | 2355,904,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/19 18:44:56 | 101,724,594 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/18 00:12:15 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/14 23:10:52 | 000,000,438 | ---- | M] () -- C:\Windows\System32\WSCConfig.xml
[2012/07/14 23:07:22 | 000,148,992 | ---- | M] () -- C:\Users\104246\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/14 18:17:36 | 000,624,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/14 18:17:36 | 000,109,212 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/14 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/13 00:20:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1801674531-725345543-269598Core.job
[2012/07/08 17:00:02 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2012/07/05 23:17:38 | 000,000,000 | ---- | M] () -- C:\t1j4.2
[2012/07/04 21:01:35 | 000,000,000 | ---- | M] () -- C:\t1jc.1
[2012/07/03 23:19:17 | 000,000,000 | ---- | M] () -- C:\t1jg.1
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/30 14:41:53 | 000,003,212 | RHS- | M] () -- C:\Users\104246\ntuser.pol
[2012/06/29 00:21:24 | 000,001,738 | ---- | M] () -- C:\Windows\System32\EmailAVConfig.xml
[2012/06/28 00:04:32 | 000,001,190 | ---- | M] () -- C:\Windows\System32\ServiceConfig.xml

========== Files Created - No Company Name ==========

[2012/07/18 00:12:15 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/14 23:10:52 | 000,000,438 | ---- | C] () -- C:\Windows\System32\WSCConfig.xml
[2012/07/05 23:17:38 | 000,000,000 | ---- | C] () -- C:\t1j4.2
[2012/07/04 21:01:35 | 000,000,000 | ---- | C] () -- C:\t1jc.1
[2012/07/03 23:19:17 | 000,000,000 | ---- | C] () -- C:\t1jg.1
[2012/06/29 00:21:24 | 000,001,738 | ---- | C] () -- C:\Windows\System32\EmailAVConfig.xml
[2012/06/28 00:04:32 | 000,001,190 | ---- | C] () -- C:\Windows\System32\ServiceConfig.xml
[2012/01/15 20:50:54 | 000,000,138 | ---- | C] () -- C:\Windows\vsfilter.INI
[2012/01/15 20:45:56 | 000,000,891 | ---- | C] () -- C:\Windows\System32\bdsecushr.dat
[2011/09/30 20:19:40 | 000,000,911 | ---- | C] () -- C:\Users\104246\AppData\Roaming\coreavc.ini
[2011/09/24 19:25:41 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/09/24 19:21:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/08/22 15:10:00 | 000,000,000 | ---- | C] () -- C:\Users\104246\AppData\Local\{B2B79269-3080-4880-B353-3DFAE7F23543}
[2011/02/18 21:00:39 | 000,000,117 | ---- | C] () -- C:\Users\104246\jagex_runescape_preferences2.dat
[2011/02/18 20:54:45 | 000,000,034 | ---- | C] () -- C:\Users\104246\jagex_runescape_preferences.dat
[2011/02/01 10:31:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/02/01 10:31:52 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/01/04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/01/04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/01/04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/01/04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/12/07 13:00:31 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/11/29 05:16:00 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/11/29 05:16:00 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/11/29 05:16:00 | 000,105,408 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/11/29 04:39:32 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/11/29 04:34:18 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2010/08/14 20:07:12 | 000,000,256 | ---- | C] () -- C:\Users\104246\AppData\Roaming\090024D704AD64
[2010/07/29 12:57:02 | 000,005,160 | ---- | C] () -- C:\Users\104246\funshion.ini
[2010/07/29 12:57:02 | 000,000,990 | ---- | C] () -- C:\Windows\System32\funshion.ini
[2010/07/04 20:47:24 | 000,148,992 | ---- | C] () -- C:\Users\104246\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 16:57:46 | 000,003,212 | RHS- | C] () -- C:\Users\104246\ntuser.pol
[2010/03/16 16:57:34 | 000,000,017 | ---- | C] () -- C:\Users\104246\AppData\Local\resmon.resmoncfg
[2009/12/02 11:46:14 | 000,036,039 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/04/27 17:43:36 | 000,055,620 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2007/03/28 10:00:16 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

========== LOP Check ==========

[2012/07/01 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Ad-Aware Antivirus
[2012/06/17 00:50:11 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\AVG2012
[2012/06/24 23:33:56 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Baidu
[2010/03/09 15:34:02 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\CachedFiles
[2011/09/30 18:22:15 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Complitly
[2011/09/26 15:49:13 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\DAEMON Tools Lite
[2011/09/19 16:43:20 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Downloaded Installations
[2011/09/01 18:03:31 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\duowan
[2011/03/25 16:51:57 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\DVDVideoSoft
[2011/03/02 15:32:08 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/09/27 13:59:19 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Flood Light Games
[2011/02/05 22:42:06 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\GrabPro
[2011/09/30 13:08:49 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Hive Cluster
[2011/08/20 22:03:44 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Launchy
[2010/11/25 15:48:33 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Leadertech
[2009/12/03 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\MRTalk
[2012/02/14 17:42:21 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\MusicNet
[2010/06/14 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\NCH Swift Sound
[2012/05/31 20:37:46 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Orbit
[2011/12/18 19:56:53 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\PPStream
[2010/12/24 22:44:00 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\ProgSense
[2011/09/19 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\RenPy
[2009/12/03 11:15:35 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Republic Poly
[2011/02/01 10:29:42 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Samsung
[2011/06/17 22:39:02 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\StepMania 5
[2010/07/03 21:52:11 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Synthesia
[2012/05/18 15:11:52 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\Temp
[2010/11/19 15:02:00 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/11/06 17:19:38 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\uTorrent
[2011/01/13 14:16:13 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\WOWClient
[2012/05/02 21:50:49 | 000,000,000 | ---D | M] -- C:\Users\104246\AppData\Roaming\YourFileDownloader
[2010/03/09 16:10:06 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/08 17:00:02 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2011/12/29 11:13:23 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2012/03/07 20:00:57 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/14 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/06/24 23:33:57 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hao123???) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hao123桌面版

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9857FAE3

< End of report >

Edited by Essexboy, 26 July 2012 - 12:47 PM.

  • 0

Advertisements

#2
WhiteHat
Posted 19 July 2012 - 10:43 AM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello AshiyaYuki and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.


  • 0

#3
WhiteHat
Posted 19 July 2012 - 12:48 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Is this a business/institution computer?
If it is, are you the domain administrator? If you are not, have you informed your domain administrator, (business manager, Systems Analyst, or Information Technology (IT) Specialist)?
I ask because for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting an Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates, is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.

# Step 1 #

Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option     Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.


# Step 2 #

  • Run the OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad windows contains OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post him in your topic




  • 0

#4
AshiyaYuki
Posted 22 July 2012 - 08:32 AM

AshiyaYuki

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello WhiteHat,

Thank you for replying to my post. :)

I have tried step one but there was a sudden popup by the Symantec Endpoint protection saying it blocked the action taken by adwcleaner, and it took very long for the adwcleaner to load. What should i do and do i continue with step two?
  • 0

#5
WhiteHat
Posted 22 July 2012 - 11:39 AM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi AshiyaYuki,

First of all, answer these question:

Is this a business/institution computer?
If it is, are you the domain administrator? If you are not, have you informed your domain administrator, (business manager, Systems Analyst, or Information Technology (IT) Specialist)?


Second, I need you to disable the Symantec Endpoint protection to run the adwCleaner. If you don't know how to disable, see the topic below:
http://www.bleepingc...opic114351.html
  • 0

#6
AshiyaYuki
Posted 23 July 2012 - 09:49 PM

AshiyaYuki

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello WhiteHat,

This is my own computer, but it has my institution software installed. I will get back to you again after i have contacted my IT specialist.
Sorry for the trouble.
  • 0

#7
WhiteHat
Posted 24 July 2012 - 05:51 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

Sorry for the trouble.

It's not a big problem.

I will wait your return :thumbsup:
  • 0

#8
AshiyaYuki
Posted 26 July 2012 - 12:33 AM

AshiyaYuki

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi WhiteHat,

I'm back! My IT specialist said she did a scan using Malwarebytes anti-Malware and removed all the virus. I have used my computer for 3 hours and there is no more popups appearing as for now. I will tell you again in a week's time if the pop-up still appears.

Thank you once again. :)
  • 0

#9
WhiteHat
Posted 27 July 2012 - 11:34 AM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

I don't think MBAM removed everything. Can you run OTL again:

  • Run the OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad windows contains OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post him in your topic


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP