
startnow on chrome [Closed]


  • This topic is locked

#1
skyace

I am infected with the startnow virus on Chrome. I am having much difficulty removing it. Please help.


#2
skyace

I need help to clear the startnow virus.

#3
skyace

OTL logfile created on: 9/20/2012 9:35:23 AM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\ACErias\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 32.80% Memory free
2.97 Gb Paging File | 1.16 Gb Available in Paging File | 38.95% Paging File free
Paging file location(s): c:\pagefile.sys 1000 3057 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.01 Gb Total Space | 7.84 Gb Free Space | 15.36% Space Free | Partition Type: NTFS
Drive D: | 51.01 Gb Total Space | 4.33 Gb Free Space | 8.48% Space Free | Partition Type: NTFS

Computer Name: ACERIAS-PC | User Name: ACErias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/09/20 09:33:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\ACErias\Desktop\OTL.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/07/14 06:06:13 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/02 23:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 23:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/05/31 16:56:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/04/22 15:19:40 | 000,876,032 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe
PRC - [2012/04/03 02:45:14 | 000,641,464 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Scan\Engine\3.6.0.31\Nss.exe
PRC - [2012/03/06 17:52:52 | 001,678,576 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\FunshionService.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/10/07 17:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/28 03:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 20:07:46 | 007,647,203 | ---- | M] () -- C:\Program Files\Remote Mouse Server\RemoteMouse.exe
PRC - [2010/06/27 01:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/11/18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (http://pietschsoft.com)) -- C:\Program Files\Virtual Router\VirtualRouterService.exe
PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/28 12:16:10 | 001,130,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2008/05/21 19:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
PRC - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/19 22:30:43 | 000,122,368 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wxbase28uh_net_vc.dll
MOD - [2012/09/19 22:30:43 | 000,110,592 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\pywintypes26.dll
MOD - [2012/09/19 22:30:42 | 003,168,768 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wxmsw28uh_core_vc.dll
MOD - [2012/09/19 22:30:42 | 000,730,112 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wxmsw28uh_adv_vc.dll
MOD - [2012/09/19 22:30:42 | 000,479,744 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wxmsw28uh_html_vc.dll
MOD - [2012/09/19 22:30:41 | 001,306,112 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wxbase28uh_vc.dll
MOD - [2012/09/19 22:30:38 | 000,980,992 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wx._core_.pyd
MOD - [2012/09/19 22:30:37 | 000,744,960 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wx._gdi_.pyd
MOD - [2012/09/19 22:30:37 | 000,669,696 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wx._windows_.pyd
MOD - [2012/09/19 22:30:37 | 000,665,600 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\_ssl.pyd
MOD - [2012/09/19 22:30:36 | 000,011,776 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\autopy.key.pyd
MOD - [2012/09/19 22:30:35 | 000,096,256 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\win32api.pyd
MOD - [2012/09/19 22:30:35 | 000,073,728 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\_ctypes.pyd
MOD - [2012/09/19 22:30:34 | 000,010,752 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\autopy.mouse.pyd
MOD - [2012/09/19 22:30:33 | 000,966,144 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wx._controls_.pyd
MOD - [2012/09/19 22:30:33 | 000,675,328 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wx._misc_.pyd
MOD - [2012/09/19 22:30:33 | 000,346,112 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\wx._html.pyd
MOD - [2012/09/19 22:30:33 | 000,040,448 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI43762\_socket.pyd
MOD - [2012/08/30 10:58:45 | 000,442,392 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/30 10:58:44 | 012,237,336 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/30 10:58:42 | 003,997,720 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/30 10:57:27 | 000,526,872 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/30 10:57:26 | 000,104,984 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/30 10:57:15 | 000,144,424 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/30 10:57:13 | 000,266,792 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/30 10:57:12 | 002,480,680 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/04/22 15:19:40 | 000,876,032 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe
MOD - [2012/03/06 17:50:08 | 000,167,152 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\ptv.dll
MOD - [2012/03/06 17:50:06 | 000,231,152 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\ttv.dll
MOD - [2012/03/06 17:50:04 | 000,287,472 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\lsv.dll
MOD - [2012/03/06 17:50:04 | 000,241,904 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\fptassrv.dll
MOD - [2012/03/06 17:50:02 | 000,288,496 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\agentd.dll
MOD - [2012/03/06 17:48:48 | 000,135,920 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\gma.dll
MOD - [2012/03/06 17:48:42 | 000,305,392 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\dump.dll
MOD - [2011/10/07 17:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/07/29 07:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/29 20:07:46 | 007,647,203 | ---- | M] () -- C:\Program Files\Remote Mouse Server\RemoteMouse.exe


========== Services (SafeList) ==========

SRV - [2012/09/14 17:37:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/14 06:06:13 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/02 23:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/28 03:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/23 04:37:00 | 003,440,232 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/06/03 03:00:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/15 20:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (http://pietschsoft.com)) [Auto | Running] -- C:\Program Files\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/05/21 19:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ACErias\AppData\Local\Temp\HLXB6A.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\games related\blackshot\Blackshot\System\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2012/09/19 23:19:33 | 000,097,440 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SMR311.SYS -- (SMR311)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/09/02 14:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 14:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/04/27 13:41:10 | 000,306,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/05/25 20:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic)
DRV - [2009/05/25 20:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009/05/25 20:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus)
DRV - [2009/05/25 20:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009/05/25 20:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt)
DRV - [2009/05/25 20:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009/05/25 20:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5)
DRV - [2009/05/25 04:38:16 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/05/02 03:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/01/03 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/iat/us_sg.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 32 45 6B 66 02 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.th123.com
IE - HKCU\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6B0DE6AB-F1C5-4611-8D8C-8D9D6545FAA4}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-26 08:25:34&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...shion010_oem_dg
IE - HKCU\..\SearchScopes\{EB9800A3-98D9-4CD3-97E4-145C030C7DE4}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "StartNow "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?..._date=20110829"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.14
FF - prefs.js..extensions.enabledAddons: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.79
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
FF - prefs.js..extensions.enabledAddons: [email protected]:2.3.3
FF - prefs.js..extensions.enabledAddons: [email protected]:4.8.2
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.5.0
FF - prefs.js..extensions.enabledAddons: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.7
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - prefs.js..extensions.enabledAddons: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.12
FF - prefs.js..extensions.enabledItems: [email protected]:4.3.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.2
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:0.79
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\ACErias\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ACErias\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ACErias\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/14 04:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/14 06:06:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/19 14:21:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/27 11:33:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/31 16:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 17:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/15 22:13:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 17:37:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/15 22:13:43 | 000,000,000 | ---D | M]

[2010/06/06 21:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Extensions
[2010/06/06 21:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/16 15:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions
[2012/09/07 15:25:26 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/02/05 19:05:46 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012/05/20 14:44:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/07 15:25:28 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/03/31 01:43:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/28 12:11:48 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2010/07/06 22:48:12 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2012/09/14 17:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\staged
[2011/03/21 14:21:33 | 000,000,000 | ---D | M] (VideoSurf Videos at a Glance) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2011/07/02 21:39:30 | 000,003,004 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2012/05/24 15:22:38 | 000,031,033 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2012/06/17 00:34:35 | 000,139,765 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2012/08/10 17:25:40 | 000,324,456 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2011/07/23 02:48:13 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012/09/07 15:25:28 | 000,590,708 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2012/07/29 11:18:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/30 23:28:32 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/08/10 17:25:41 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/09/07 15:25:28 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/03/31 01:43:31 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012/09/14 17:44:15 | 000,371,729 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\staged\[email protected]
[2012/09/14 17:44:20 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\staged\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011/08/29 12:59:39 | 000,001,945 | ---- | M] () -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\searchplugins\bing-zugo.xml
[2012/09/14 17:42:03 | 000,001,088 | ---- | M] () -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\searchplugins\dictionarycom.xml
[2012/09/14 17:38:49 | 000,002,356 | ---- | M] () -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\searchplugins\startnow.xml
[2012/09/14 16:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 21:22:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/14 16:44:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/01/19 14:21:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\ACERIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EOXGHTEN.DEFAULT\EXTENSIONS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
[2012/09/14 17:37:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/31 16:56:32 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/14 06:06:11 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/14 17:37:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/08 01:58:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/09/14 17:37:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com.sg/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = http://suggestquerie...q={searchTerms},
CHR - homepage: http://www.google.com.sg/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ACErias\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\ACErias\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Google Search = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Click&Clean = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\
CHR - Extension: AdBlock = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.44_0\
CHR - Extension: TweetDeck = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.6.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: BitTorrentBar = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.8.2_0\
CHR - Extension: AVG Do Not Track = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (2EC458C8-E335-F3FD-E99A-AA3289BA7F0B Class) - {2EC458C8-E335-F3FD-E99A-AA3289BA7F0B} - C:\Program Files\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Funshion] C:\Program Files\Funshion Online\Funshion\Funshion.exe (Funshion Online Technologies Ltd.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.2.16 218.186.2.6 202.156.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CE4EA5-899C-4FD2-AAA2-49973984F33A}: DhcpNameServer = 202.65.244.32 202.65.247.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2109B20E-1BA2-4891-A035-2A1A53971B61}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C06ADB9-18C3-463E-8245-3CE1B34AF03B}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CD4302C-FEB6-425C-A6B1-BD4065481B38}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4609A6A0-2FE9-49D2-B5A6-72795FEA9A57}: DhcpNameServer = 165.21.83.88 165.21.100.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{513580FF-C829-4DA2-8418-5C26EBF054D8}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC68B585-F57A-439C-B433-62F67E65BCA1}: DhcpNameServer = 218.186.2.16 218.186.1.58 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0094ED-81ED-4992-A0A6-CD5ABDA6AC90}: DhcpNameServer = 218.186.2.16 218.186.2.6 202.156.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC7F2D43-F120-4C1D-9A59-A1F6E8BFFCAB}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{296c2f3c-6e59-11df-a7e8-001d7227988c}\Shell - "" = AutoRun
O33 - MountPoints2\{296c2f3c-6e59-11df-a7e8-001d7227988c}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{c4580922-0e43-11e0-81c9-001d7227988c}\Shell - "" = AutoRun
O33 - MountPoints2\{c4580922-0e43-11e0-81c9-001d7227988c}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/20 09:33:43 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\ACErias\Desktop\OTL.exe
[2012/09/20 00:21:10 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Roaming\SpeedyPC Software
[2012/09/20 00:21:10 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Roaming\DriverCure
[2012/09/20 00:19:19 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/09/20 00:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/09/20 00:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/09/20 00:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/09/19 23:58:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/09/19 23:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/19 23:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/09/19 23:19:33 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR311.SYS
[2012/09/19 23:19:03 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Local\NPE
[2012/09/14 16:44:37 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/09/14 16:44:37 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/09/14 16:44:37 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/09/14 04:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/09 11:12:31 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Local\StartNow
[2012/08/24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Users\ACErias\Desktop\Sean Paul -
File not found -- C:\Users\ACErias\Desktop\Pitbull - Back In Time (featured in
File not found -- C:\Users\ACErias\Desktop\Lyrikill Flo Rida
[2012/09/20 09:34:32 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3069974616-2818343433-3339982986-1000Core.job
[2012/09/20 09:33:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\ACErias\Desktop\OTL.exe
[2012/09/20 09:30:28 | 095,309,490 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/09/20 09:28:35 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 09:28:35 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 09:20:11 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3069974616-2818343433-3339982986-1000UA.job
[2012/09/20 00:21:17 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/09/19 23:19:36 | 000,000,020 | ---- | M] () -- C:\Windows\System32\drivers\SMR311.dat
[2012/09/19 23:19:33 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR311.SYS
[2012/09/19 23:14:44 | 000,003,910 | ---- | M] () -- C:\Users\ACErias\funshion.ini
[2012/09/19 22:34:06 | 000,000,911 | ---- | M] () -- C:\Users\ACErias\AppData\Roaming\coreavc.ini
[2012/09/19 22:28:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/19 22:28:30 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/16 18:13:09 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ACErias.job
[2012/09/07 03:02:22 | 000,002,465 | ---- | M] () -- C:\Users\ACErias\Desktop\Google Chrome.lnk
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/27 03:47:23 | 000,223,492 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/25 02:58:57 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Users\ACErias\Desktop\Sean Paul -
File not found -- C:\Users\ACErias\Desktop\Pitbull - Back In Time (featured in
File not found -- C:\Users\ACErias\Desktop\Lyrikill Flo Rida
[2012/09/20 00:21:16 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/09/19 23:19:34 | 000,000,020 | ---- | C] () -- C:\Windows\System32\drivers\SMR311.dat
[2011/08/29 12:40:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/07/23 17:13:37 | 000,000,911 | ---- | C] () -- C:\Users\ACErias\AppData\Roaming\coreavc.ini
[2011/05/18 09:35:46 | 000,003,910 | ---- | C] () -- C:\Users\ACErias\funshion.ini
[2011/05/18 09:35:46 | 000,001,054 | ---- | C] () -- C:\Windows\System32\funshion.ini
[2010/12/28 02:07:19 | 000,007,680 | ---- | C] () -- C:\Users\ACErias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/27 11:39:29 | 000,000,000 | ---- | C] () -- C:\Users\ACErias\AppData\Local\prvlcl.dat
[2010/11/12 14:04:24 | 000,000,099 | ---- | C] () -- C:\Users\ACErias\jagex_runescape_preferences2.dat
[2010/11/12 14:01:39 | 000,000,046 | ---- | C] () -- C:\Users\ACErias\jagex_runescape_preferences.dat
[2010/08/05 01:01:14 | 000,007,655 | ---- | C] () -- C:\Users\ACErias\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Files - Unicode (All) ==========
File not found(C:\Users\ACErias\Desktop\[MV]????(Rainbow)Full HD) -- C:\Users\ACErias\Desktop\[MV]레인보우(Rainbow)Full HD

< End of report >

#4
blmadara


    Trusted Helper

  • Malware Removal
Hi skyace, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    qmgr.dll
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Select LOP Check and Purity Check.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select, No.
  • Click Scan to start the scan.
  • When the scan ends click Save Log and save it to your desktop.
  • Post the log in your next reply.

Step Three: Computer Symptoms

Please let me know what problems you are having with your computer.


What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.
3. Let me know what problems you are having with your computer.

#5
skyace


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
When creating the OTL file, some pop-up windows said it can't create a bat file on my desktop. Now, it looks like the OTL program is not progressing at all. It states, "manual file scan-looking in folder bla3...."
  • 0

#6
skyace

skyace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Should I rerun the program? Or .... And btw, thanks for your help. I am a noob in this stuff.
  • 0

#7
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
You're welcome!! Try to run OTL again and if it still doesn't work move on to the next step.
  • 0

#8
skyace

skyace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL logfile created on: 9/22/2012 12:24:51 AM - Run 2
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\ACErias\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.11% Memory free
2.97 Gb Paging File | 1.51 Gb Available in Paging File | 50.88% Paging File free
Paging file location(s): c:\pagefile.sys 1000 3057 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.01 Gb Total Space | 7.99 Gb Free Space | 15.65% Space Free | Partition Type: NTFS
Drive D: | 51.01 Gb Total Space | 4.33 Gb Free Space | 8.48% Space Free | Partition Type: NTFS

Computer Name: ACERIAS-PC | User Name: ACErias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/09/20 09:33:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\ACErias\Desktop\OTL.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/07/14 06:06:13 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/14 06:06:11 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/02 23:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 23:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/05/31 16:56:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/04/26 15:37:14 | 006,379,888 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2012/03/06 17:52:52 | 001,678,576 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\FunshionService.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/10/07 17:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/28 03:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 20:07:46 | 007,647,203 | ---- | M] () -- C:\Program Files\Remote Mouse Server\RemoteMouse.exe
PRC - [2010/06/27 01:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/11/18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (http://pietschsoft.com)) -- C:\Program Files\Virtual Router\VirtualRouterService.exe
PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/28 12:16:10 | 001,130,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008/05/21 19:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
PRC - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/21 22:54:34 | 000,122,368 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wxbase28uh_net_vc.dll
MOD - [2012/09/21 22:54:33 | 000,479,744 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wxmsw28uh_html_vc.dll
MOD - [2012/09/21 22:54:33 | 000,110,592 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\pywintypes26.dll
MOD - [2012/09/21 22:54:32 | 003,168,768 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wxmsw28uh_core_vc.dll
MOD - [2012/09/21 22:54:32 | 001,306,112 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wxbase28uh_vc.dll
MOD - [2012/09/21 22:54:32 | 000,730,112 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wxmsw28uh_adv_vc.dll
MOD - [2012/09/21 22:54:30 | 000,980,992 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wx._core_.pyd
MOD - [2012/09/21 22:54:27 | 000,744,960 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wx._gdi_.pyd
MOD - [2012/09/21 22:54:27 | 000,665,600 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\_ssl.pyd
MOD - [2012/09/21 22:54:26 | 000,669,696 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wx._windows_.pyd
MOD - [2012/09/21 22:54:26 | 000,011,776 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\autopy.key.pyd
MOD - [2012/09/21 22:54:24 | 000,346,112 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wx._html.pyd
MOD - [2012/09/21 22:54:24 | 000,096,256 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\win32api.pyd
MOD - [2012/09/21 22:54:24 | 000,073,728 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\_ctypes.pyd
MOD - [2012/09/21 22:54:24 | 000,010,752 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\autopy.mouse.pyd
MOD - [2012/09/21 22:54:23 | 000,675,328 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wx._misc_.pyd
MOD - [2012/09/21 22:54:23 | 000,040,448 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\_socket.pyd
MOD - [2012/09/21 22:54:22 | 000,966,144 | ---- | M] () -- C:\Users\ACErias\AppData\Local\Temp\_MEI41362\wx._controls_.pyd
MOD - [2012/07/14 06:06:14 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/14 06:06:11 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/06 17:50:08 | 000,167,152 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\ptv.dll
MOD - [2012/03/06 17:50:06 | 000,231,152 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\ttv.dll
MOD - [2012/03/06 17:50:04 | 000,287,472 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\lsv.dll
MOD - [2012/03/06 17:50:04 | 000,241,904 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\fptassrv.dll
MOD - [2012/03/06 17:50:02 | 000,288,496 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\agentd.dll
MOD - [2012/03/06 17:48:48 | 000,135,920 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\gma.dll
MOD - [2012/03/06 17:48:42 | 000,305,392 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\dump.dll
MOD - [2011/10/07 17:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/07/29 07:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/29 20:07:46 | 007,647,203 | ---- | M] () -- C:\Program Files\Remote Mouse Server\RemoteMouse.exe


========== Services (SafeList) ==========

SRV - [2012/09/14 17:37:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/14 06:06:13 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/02 23:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/28 03:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/23 04:37:00 | 003,440,232 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/06/03 03:00:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/15 20:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (http://pietschsoft.com)) [Auto | Running] -- C:\Program Files\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/05/21 19:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ACErias\AppData\Local\Temp\HLXB6A.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\games related\blackshot\Blackshot\System\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/09/02 14:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 14:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/04/27 13:41:10 | 000,306,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/05/25 20:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic)
DRV - [2009/05/25 20:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009/05/25 20:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus)
DRV - [2009/05/25 20:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009/05/25 20:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt)
DRV - [2009/05/25 20:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009/05/25 20:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5)
DRV - [2009/05/25 04:38:16 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/05/02 03:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/01/03 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.msn.com/
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/iat/us_sg.aspx
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 32 45 6B 66 02 CB 01 [binary data]
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.th123.com
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\SearchScopes\{6B0DE6AB-F1C5-4611-8D8C-8D9D6545FAA4}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-26 08:25:34&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...shion010_oem_dg
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\SearchScopes\{EB9800A3-98D9-4CD3-97E4-145C030C7DE4}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "StartNow "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?..._date=20110829"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.14
FF - prefs.js..extensions.enabledAddons: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.79
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
FF - prefs.js..extensions.enabledAddons: [email protected]:2.3.3
FF - prefs.js..extensions.enabledAddons: [email protected]:4.8.2
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.5.0
FF - prefs.js..extensions.enabledAddons: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.7
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - prefs.js..extensions.enabledAddons: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.12
FF - prefs.js..extensions.enabledItems: [email protected]:4.3.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.2
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:0.79
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\ACErias\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ACErias\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ACErias\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/14 04:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/14 06:06:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/19 14:21:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/27 11:33:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/31 16:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 17:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/15 22:13:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 17:37:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/15 22:13:43 | 000,000,000 | ---D | M]

[2010/06/06 21:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Extensions
[2010/06/06 21:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/16 15:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions
[2012/09/07 15:25:26 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/02/05 19:05:46 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012/05/20 14:44:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/07 15:25:28 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/03/31 01:43:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/28 12:11:48 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2010/07/06 22:48:12 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2012/09/14 17:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\staged
[2011/03/21 14:21:33 | 000,000,000 | ---D | M] (VideoSurf Videos at a Glance) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2011/07/02 21:39:30 | 000,003,004 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2012/05/24 15:22:38 | 000,031,033 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2012/06/17 00:34:35 | 000,139,765 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2012/08/10 17:25:40 | 000,324,456 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\[email protected]
[2011/07/23 02:48:13 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012/09/07 15:25:28 | 000,590,708 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2012/07/29 11:18:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/30 23:28:32 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/08/10 17:25:41 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/09/07 15:25:28 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/03/31 01:43:31 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012/09/14 17:44:15 | 000,371,729 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\staged\[email protected]
[2012/09/14 17:44:20 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\extensions\staged\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011/08/29 12:59:39 | 000,001,945 | ---- | M] () -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\searchplugins\bing-zugo.xml
[2012/09/14 17:42:03 | 000,001,088 | ---- | M] () -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\searchplugins\dictionarycom.xml
[2012/09/14 17:38:49 | 000,002,356 | ---- | M] () -- C:\Users\ACErias\AppData\Roaming\Mozilla\Firefox\Profiles\eoxghten.default\searchplugins\startnow.xml
[2012/09/14 16:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 21:22:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/14 16:44:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/01/19 14:21:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\ACERIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EOXGHTEN.DEFAULT\EXTENSIONS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
[2012/09/14 17:37:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/31 16:56:32 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/14 06:06:11 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/14 17:37:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/08 01:58:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/09/14 17:37:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com.sg/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = http://suggestquerie...q={searchTerms},
CHR - homepage: http://www.google.com.sg/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ACErias\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\ACErias\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Google Search = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Click&Clean = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\
CHR - Extension: AdBlock = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.44_0\
CHR - Extension: TweetDeck = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.6.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: BitTorrentBar = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.8.2_0\
CHR - Extension: AVG Do Not Track = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\ACErias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (2EC458C8-E335-F3FD-E99A-AA3289BA7F0B Class) - {2EC458C8-E335-F3FD-E99A-AA3289BA7F0B} - C:\Program Files\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000..\Run: [Funshion] C:\Program Files\Funshion Online\Funshion\Funshion.exe (Funshion Online Technologies Ltd.)
O4 - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3069974616-2818343433-3339982986-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.2.16 218.186.2.6 202.156.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CE4EA5-899C-4FD2-AAA2-49973984F33A}: DhcpNameServer = 202.65.244.32 202.65.247.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2109B20E-1BA2-4891-A035-2A1A53971B61}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C06ADB9-18C3-463E-8245-3CE1B34AF03B}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CD4302C-FEB6-425C-A6B1-BD4065481B38}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4609A6A0-2FE9-49D2-B5A6-72795FEA9A57}: DhcpNameServer = 165.21.83.88 165.21.100.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{513580FF-C829-4DA2-8418-5C26EBF054D8}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC68B585-F57A-439C-B433-62F67E65BCA1}: DhcpNameServer = 218.186.2.16 218.186.1.58 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0094ED-81ED-4992-A0A6-CD5ABDA6AC90}: DhcpNameServer = 218.186.2.16 218.186.2.6 202.156.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC7F2D43-F120-4C1D-9A59-A1F6E8BFFCAB}: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{296c2f3c-6e59-11df-a7e8-001d7227988c}\Shell - "" = AutoRun
O33 - MountPoints2\{296c2f3c-6e59-11df-a7e8-001d7227988c}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{c4580922-0e43-11e0-81c9-001d7227988c}\Shell - "" = AutoRun
O33 - MountPoints2\{c4580922-0e43-11e0-81c9-001d7227988c}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2012/09/20 09:33:43 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\ACErias\Desktop\OTL.exe
[2012/09/20 00:21:10 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Roaming\SpeedyPC Software
[2012/09/20 00:21:10 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Roaming\DriverCure
[2012/09/20 00:19:19 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/09/20 00:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/09/20 00:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/09/20 00:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/09/19 23:58:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/09/19 23:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/19 23:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/09/19 23:19:03 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Local\NPE
[2012/09/14 16:44:37 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/09/14 16:44:37 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/09/14 16:44:37 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/09/14 04:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/09 11:12:31 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Local\StartNow
[2012/08/24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/08/09 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\ACErias\AppData\Local\Logishrd
[2012/08/09 18:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/07/26 03:21:30 | 000,237,408 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

File not found -- C:\Users\ACErias\Desktop\Sean Paul -
File not found -- C:\Users\ACErias\Desktop\Pitbull - Back In Time (featured in
File not found -- C:\Users\ACErias\Desktop\Lyrikill Flo Rida
[2012/09/22 00:01:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3069974616-2818343433-3339982986-1000UA.job
[2012/09/21 23:52:52 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 23:52:52 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 23:00:16 | 000,003,910 | ---- | M] () -- C:\Users\ACErias\funshion.ini
[2012/09/21 22:58:37 | 000,000,911 | ---- | M] () -- C:\Users\ACErias\AppData\Roaming\coreavc.ini
[2012/09/21 22:57:55 | 095,427,205 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/09/21 22:52:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/21 22:52:40 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/20 18:00:01 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/09/20 17:16:30 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ACErias.job
[2012/09/20 09:34:32 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3069974616-2818343433-3339982986-1000Core.job
[2012/09/20 09:33:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\ACErias\Desktop\OTL.exe
[2012/09/07 03:02:22 | 000,002,465 | ---- | M] () -- C:\Users\ACErias\Desktop\Google Chrome.lnk
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/27 03:47:23 | 000,223,492 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/25 02:58:57 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/08/15 22:13:44 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/09 18:31:55 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Users\ACErias\Desktop\Sean Paul -
File not found -- C:\Users\ACErias\Desktop\Pitbull - Back In Time (featured in
File not found -- C:\Users\ACErias\Desktop\Lyrikill Flo Rida
[2012/09/20 00:21:16 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2011/08/29 12:40:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/07/23 17:13:37 | 000,000,911 | ---- | C] () -- C:\Users\ACErias\AppData\Roaming\coreavc.ini
[2011/05/18 09:35:46 | 000,003,910 | ---- | C] () -- C:\Users\ACErias\funshion.ini
[2011/05/18 09:35:46 | 000,001,054 | ---- | C] () -- C:\Windows\System32\funshion.ini
[2010/12/28 02:07:19 | 000,007,680 | ---- | C] () -- C:\Users\ACErias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/27 11:39:29 | 000,000,000 | ---- | C] () -- C:\Users\ACErias\AppData\Local\prvlcl.dat
[2010/11/12 14:04:24 | 000,000,099 | ---- | C] () -- C:\Users\ACErias\jagex_runescape_preferences2.dat
[2010/11/12 14:01:39 | 000,000,046 | ---- | C] () -- C:\Users\ACErias\jagex_runescape_preferences.dat
[2010/08/05 01:01:14 | 000,007,655 | ---- | C] () -- C:\Users\ACErias\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2010/06/18 22:52:25 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\ARGELA
[2011/10/26 08:23:37 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\AVG2012
[2012/02/19 14:44:56 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\Azureus
[2012/09/22 00:34:30 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\BitTorrent
[2011/08/29 12:07:47 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\BSD
[2012/05/05 18:23:54 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\Canon
[2010/08/07 12:06:19 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2012/06/04 13:24:45 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\DiskAid
[2012/09/20 00:21:10 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\DriverCure
[2010/06/07 12:17:08 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\Facebook
[2011/01/01 15:25:17 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\GetRightToGo
[2011/08/29 12:58:13 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\ImTOO
[2011/08/29 12:40:25 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\iPodtoComputer
[2011/06/04 21:57:17 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\KuGou
[2010/11/27 01:08:32 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\Leadertech
[2010/07/05 09:25:22 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\LimeWire
[2010/06/17 23:21:54 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\My ClickOnce Applications
[2012/09/20 00:21:10 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\SpeedyPC Software
[2011/08/29 12:03:13 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\TuneAid
[2012/06/04 14:03:43 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\WindSolutions
[2012/06/04 13:37:06 | 000,000,000 | ---D | M] -- C:\Users\ACErias\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 13:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 14:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: QMGR.DLL >
[2009/07/14 09:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\System32\qmgr.dll
[2009/07/14 09:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/11 05:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/11 05:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009/07/14 09:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 09:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 10:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 10:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 12:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 12:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 05:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/11 05:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 10:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/11 05:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 10:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 05:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/14 04:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 04:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 14:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 14:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 13:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/14 12:53:46 | 000,032,654 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 12:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010/08/03 22:02:03 | 000,000,864 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3069974616-2818343433-3339982986-1000Core.job
[2010/08/03 22:02:04 | 000,000,916 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3069974616-2818343433-3339982986-1000UA.job
[2011/10/21 12:35:28 | 000,000,444 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for ACErias.job
[2012/09/20 00:21:16 | 000,000,472 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Registration3.job

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeCreateGlobalPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll -- [2009/07/14 09:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2009/07/14 09:14:59 | 000,018,944 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 2002
"Last Counter" = 2018
"First Help" = 2003
"Last Help" = 2019
"Object List" = 2002
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = 01 00 14 80 90 00 00 00 A0 00 00 00 14 00 00 00 34 00 00 00 02 00 20 00 01 00 00 00 02 C0 18 00 00 00 0C 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 02 00 5C 00 04 00 00 00 00 02 14 00 FF 01 0F 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 [Binary data over 200 bytes]

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: ACERIAS-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 C NTFS Partition 51 GB Healthy System
Volume 2 D DATA NTFS Partition 51 GB Healthy
Volume 3 PQSERVICE FAT32 Partition 9 GB Healthy Hidden

========== Files - Unicode (All) ==========
File not found(C:\Users\ACErias\Desktop\[MV]????(Rainbow)Full HD) -- C:\Users\ACErias\Desktop\[MV]레인보우(Rainbow)Full HD

< End of report >
  • 0

#9
skyace

    Member

  • Topic Starter
  • Member
  • 18 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-22 06:39:56
-----------------------------
06:39:56.237 OS Version: Windows 6.1.7600
06:39:56.237 Number of processors: 2 586 0xF0D
06:39:56.240 ComputerName: ACERIAS-PC UserName: ACErias
06:40:00.440 Initialize success
06:40:20.383 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
06:40:20.387 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC31P Size: 114473MB BusType: 3
06:40:20.425 Disk 0 MBR read successfully
06:40:20.429 Disk 0 MBR scan
06:40:20.435 Disk 0 Windows 7 default MBR code
06:40:20.478 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
06:40:20.541 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52238 MB offset 20482048
06:40:20.606 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52233 MB offset 127465472
06:40:20.652 Disk 0 scanning sectors +234438656
06:40:20.806 Disk 0 scanning C:\Windows\system32\drivers
06:40:33.124 Service scanning
06:41:10.664 Modules scanning
06:41:25.586 Disk 0 trace - called modules:
06:41:25.617 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
06:41:25.626 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a5a6a8]
06:41:25.635 3 CLASSPNP.SYS[88fb459e] -> nt!IofCallDriver -> [0x85570938]
06:41:25.642 5 ACPI.sys[88a9c3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x85979030]
06:41:25.651 Scan finished successfully
06:41:33.178 Disk 0 MBR has been saved successfully to "C:\Users\ACErias\Desktop\MBR.dat"
06:41:33.187 The log file has been saved successfully to "C:\Users\ACErias\Desktop\aswMBR.txt"


06:42:15.151 Disk 0 MBR has been saved successfully to "C:\Users\ACErias\Desktop\MBR.dat"
06:42:15.162 The log file has been saved successfully to "C:\Users\ACErias\Desktop\aswMBR.txt"
  • 0

#10
skyace

    Member

  • Topic Starter
  • Member
  • 18 posts
The problem I am facing is that whenever I click Chrome, startnow will appear. For Chrome, 2 tabs will appear. 1 is my homepage, the other is startnow. I tried deleting the extension, changing the homepage and so on, but it is not effective.
  • 0

#11
skyace

    Member

  • Topic Starter
  • Member
  • 18 posts
Since I am here, I also have files which cannot be deleted. The files keep saying it couldn't locate the files. The files were the result of incomplete downloads. I tried 'taking ownership' of the files, but they still can't be deleted.
  • 0

#12
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Please post the contents of Extras.txt, which will be in the same folder where OTL is located.
  • 0

#13
skyace

    Member

  • Topic Starter
  • Member
  • 18 posts
OTL Extras logfile created on: 9/22/2012 12:24:51 AM - Run 2
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\ACErias\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.11% Memory free
2.97 Gb Paging File | 1.51 Gb Available in Paging File | 50.88% Paging File free
Paging file location(s): c:\pagefile.sys 1000 3057 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.01 Gb Total Space | 7.99 Gb Free Space | 15.65% Space Free | Partition Type: NTFS
Drive D: | 51.01 Gb Total Space | 4.33 Gb Free Space | 8.48% Space Free | Partition Type: NTFS

Computer Name: ACERIAS-PC | User Name: ACErias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0342810F-758D-4375-BA62-228216C5932F}" = rport=139 | protocol=6 | dir=out | app=system |
"{0C489556-62C1-4342-854F-56F3B609462F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0E934A2E-C030-4AA4-A25F-580545FB306B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{12687C6B-4FE8-458D-B470-23EDC7E34410}" = lport=138 | protocol=17 | dir=in | app=system |
"{1941EAF0-6525-4036-A32F-F88F04ED4057}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{1C8C0A04-291E-4E9B-817D-3E90CDA4E9B8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2F71AD5D-447C-4368-9A70-5900FF86F405}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3517F93A-E821-48CC-BA75-1699C49BC63D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41E68FB1-129C-4516-8C2B-EB3F02C522E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D11D338-B9F8-44C6-8F2D-CC77E178B00B}" = lport=1900 | protocol=17 | dir=in | name=creative centrale udp port |
"{556EB602-9D21-4AFB-9B07-FC7D78994533}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{69FBBFE3-8A5A-49BC-AE1D-AED300D5F2AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79B28425-2B40-4C18-8D0E-6EF3044B8550}" = rport=137 | protocol=17 | dir=out | app=system |
"{89FC9DB4-7539-4981-BFA2-9F5BBF3CAAC4}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F51F4A0-3521-4AB4-A400-F213023BF965}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F86F501-53D6-450F-A833-C5C174921C9A}" = lport=2869 | protocol=6 | dir=in | name=creative centrale tcp port 1 |
"{A30EDA84-E863-48FE-BE7C-DE5B532B71AA}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4DB6153-5175-40AD-AAD9-37C092F27578}" = lport=139 | protocol=6 | dir=in | app=system |
"{A940A0F7-1D5F-4ECA-9541-764EDE958F73}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AA710122-1C2B-4BD8-85DB-DD46191E5F38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B11B16D5-3E5A-4A4E-88E6-640D019D828A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B388E983-0F23-4D15-BB59-0178F534CDEC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6CB94DA-2F08-47AB-AEA0-3B336D82186A}" = lport=445 | protocol=6 | dir=in | app=system |
"{CA6D473A-757B-4304-9004-8147B597B5EA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D652CBE3-B4BA-45E3-84D6-E29303A018B4}" = lport=2861 | protocol=6 | dir=in | name=creative centrale tcp port 2 |
"{DB8CB5B5-69F6-4F03-8AF2-E5F071A3CEC3}" = rport=445 | protocol=6 | dir=out | app=system |
"{E860AA05-4A48-46CD-970F-159E01BB1AC7}" = lport=49167 | protocol=6 | dir=in | name=akamai netsession interface |
"{F4194B2A-A0EF-4C86-86C5-5362F9D5BF98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9047117-A445-4A91-93F3-E526826AAC71}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00969C8B-AFC6-4E64-902B-3BC98DB6EFC4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0A0CFA40-61A9-408B-BA74-AB0047890702}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{1017CA22-3B9C-4F33-9B02-4481C8989B5B}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{19250727-0066-4EFC-BA18-D6D70316F743}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{1AC0A1A8-90DD-46C0-81BA-9FBDCD493D8B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B04CF73-D4F2-4648-8495-4DB66F4E4B1A}" = protocol=17 | dir=in | app=c:\program files\creative\creative centrale\ctupnpfn.exe |
"{1FC9B79F-2982-4B1C-9308-29857CD40D5F}" = protocol=58 | dir=out | [email protected],-28546 |
"{20244D3D-2463-46E5-B8A9-0A2B7676F9D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{204DAB15-1ED7-435E-93C3-B372DA4567F8}" = protocol=6 | dir=in | app=c:\program files\creative\creative centrale\ctupnpfn.exe |
"{24A60EAA-0F24-425F-BFD7-662DF52F8E60}" = protocol=17 | dir=in | app=c:\program files\remote mouse server\remotemouse.exe |
"{26F30FFF-5954-4084-8BAE-9173405DD527}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3888FE05-3909-4B54-B9FB-757DAE4BDA8E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4222C4F3-255A-402F-9EFB-68BE8613EC41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48AEB9BE-8DF2-4215-ADAB-ADADF3731B4E}" = protocol=1 | dir=in | [email protected],-28543 |
"{4A87E9DD-D143-4AFF-BA54-C6C5583FAC7F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{5184B599-4DE5-4D4F-8C0F-15648907A056}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{55F0E138-55AE-41C9-8537-10BF430D8AAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{570808C0-3CA5-4427-8BE9-BD2CA2FB15D5}" = protocol=1 | dir=out | [email protected],-28544 |
"{596D07E9-25B6-4D84-BCA7-C0EA16C3E58F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69062F3A-282A-43EE-8D03-8F6834B62780}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{6C1499F2-534A-4761-851C-A3203FA253A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{71DD8880-8079-4060-9230-FA5352998F40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7331D56F-00E3-423F-AF6A-C8E37E3BF7A1}" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionupgrade.exe |
"{81ACD46F-BD2C-46F0-8355-86B48186A544}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{85B80279-894F-4440-9D2A-F33C2D7DE445}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{8C2ECFD3-D52F-43BC-8751-1E004ED6CCE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{94B85541-77EF-46B4-BC30-16EC07347B51}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9DFCB2A0-4234-4681-85C8-6C3A21FB0192}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{A301FCEB-287A-4916-BED6-64ADF79518D8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{AC82F82C-74C0-48B2-A704-C7D5F1FAA102}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{AD467ABB-3325-4AEF-BAE5-42E0D6C1C387}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{AE4AD12C-6991-419E-B617-0B897ED89FED}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{B67851A8-AEA4-4AE7-809B-7A138876AA27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEA4FC52-DDBE-49AB-BDF0-7E0C481FA200}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BF616F90-46AA-42ED-B3D8-620BA06A16B3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C48E4A98-F03E-4211-87A0-A974ED914724}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE083978-8141-4FB5-8094-2849B957DCD8}" = protocol=6 | dir=in | app=c:\program files\remote mouse server\remotemouse.exe |
"{D2505ED5-507B-4236-8F65-9C07DC9264C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D684197C-2D32-490F-8CE6-2D7426644154}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{DF6C4BF1-327A-4087-BCD5-F8FE9E7CDD38}" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionupgrade.exe |
"{ED8AAA7F-30BE-46A4-BF02-2205DF34341F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFAD3B85-5DAD-450D-BF19-76F382841621}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0C4ECD2-0033-48E2-9445-E02E8789F3F1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F712A48F-4B1B-483E-8F0A-9F089118C8EB}" = protocol=6 | dir=out | app=system |
"{FD29B79F-C4B5-4873-A8EF-A6B63ADDB0A5}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{1ABEA7E1-0D1D-44C9-B661-2D5649AD169F}C:\program files\funshion online\funshion\funshionservice.exe" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"TCP Query User{23F9C865-5A7F-4DE4-B653-4D87D81AFB28}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{2A806434-F108-4712-AFC3-F487AA0547BD}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{2B38AE30-4538-46AE-9349-C593699B4067}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{4A73A162-EC5D-4CC4-A68C-2B357E2F1D23}C:\program files\remote mouse server\remotemouse.exe" = protocol=6 | dir=in | app=c:\program files\remote mouse server\remotemouse.exe |
"TCP Query User{55747F07-9667-48D7-8059-12C72662FC98}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{AFF87878-40F4-47BA-B0F4-EB105A59820D}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{D447439B-57E5-4072-A3A6-F0ABBDE42B21}C:\program files\funshion online\funshion\funshionservice.exe" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"TCP Query User{E33325E6-F5C6-475B-BC51-F2698327E960}C:\users\acerias\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\acerias\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{F404B5BB-3536-411A-BF00-4A6CFA92FFC0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{140B6E74-28F9-47A6-B88C-585A9810EBD2}C:\program files\funshion online\funshion\funshionservice.exe" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"UDP Query User{16565CA1-9EA2-47C8-96D9-F38A036966FE}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{23E9D29E-B64E-4B3F-AA99-8CE884C07782}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{80B306DB-4B5B-4443-B7F5-280913E36589}C:\users\acerias\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\acerias\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{82B532A5-7ABC-4D6C-96E0-1E73762B2CA0}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{8EA86D5E-6840-4092-988B-422E04D1EC1E}C:\program files\remote mouse server\remotemouse.exe" = protocol=17 | dir=in | app=c:\program files\remote mouse server\remotemouse.exe |
"UDP Query User{97E5EA20-ED7A-437C-AF23-BC9E632AA586}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{B3F54743-10D5-45C4-8AB2-417717188416}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{D8E9CBCC-FC3E-4148-B433-CC666C2BE8F6}C:\program files\funshion online\funshion\funshionservice.exe" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"UDP Query User{E840EEE6-72A8-473F-9803-E34BA45458F0}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 35
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{7211EA6A-AB0F-432D-915E-F13166F2FB0B}" = OffiSync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.170.25.19_Foxconn Installation Program
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{C5AC39F1-001D-4338-84C6-35109525588A}" = TweetDeck
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse Server version 1.05
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG" = AVG 2012
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Creative Centrale" = Creative Centrale
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.60
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.1" = Freecorder
"Freez Screen Video Capture v1.2_is1" = Freez Screen Video Capture v1.2
"Funshion" = Funshion
"Garena" = Garena 2010
"Giraffic" = Veoh Giraffic Video Accelerator
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LimeWire" = LimeWire 5.5.9
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PokerStars" = PokerStars
"RealPlayer 15.0" = RealPlayer
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel® TV Wizard
"Veoh Web Player Beta" = Veoh Web Player
"VideoConverterFactory" = Video Converter Factory
"VLC media player" = VLC media player 1.1.5
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 beta 3 (32-bit)
"ZENX-FI" = Creative ZEN X-Fi User's Guide
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3069974616-2818343433-3339982986-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8f3d5f316bf9c08f" = OffiSync
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/20/2012 2:13:50 AM | Computer Name = ACErias-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 9/20/2012 2:13:50 AM | Computer Name = ACErias-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 9/20/2012 2:13:50 AM | Computer Name = ACErias-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 9/20/2012 2:13:50 AM | Computer Name = ACErias-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 9/20/2012 2:13:50 AM | Computer Name = ACErias-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 9/20/2012 2:13:56 AM | Computer Name = ACErias-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 9/20/2012 2:13:56 AM | Computer Name = ACErias-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 9/20/2012 2:13:56 AM | Computer Name = ACErias-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 9/20/2012 2:13:56 AM | Computer Name = ACErias-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 9/21/2012 11:58:51 AM | Computer Name = ACErias-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 21.0.1180.89 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 123c Start
Time: 01cd9810626cf208 Termination Time: 47 Application Path: C:\Users\ACErias\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id:

[ Media Center Events ]
Error - 6/6/2010 9:49:41 PM | Computer Name = ACErias-PC | Source = MCUpdate | ID = 0
Description = 9:49:26 AM - Error connecting to the internet. 9:49:26 AM - Unable
to contact server..

Error - 7/27/2010 3:24:46 PM | Computer Name = ACErias-PC | Source = MCUpdate | ID = 0
Description = 3:24:46 AM - Error connecting to the internet. 3:24:46 AM - Unable
to contact server..

Error - 7/27/2010 4:24:51 PM | Computer Name = ACErias-PC | Source = MCUpdate | ID = 0
Description = 4:24:51 AM - Error connecting to the internet. 4:24:51 AM - Unable
to contact server..

Error - 7/27/2010 5:24:56 PM | Computer Name = ACErias-PC | Source = MCUpdate | ID = 0
Description = 5:24:56 AM - Error connecting to the internet. 5:24:56 AM - Unable
to contact server..

[ OSession Events ]
Error - 7/6/2010 7:44:59 AM | Computer Name = ACErias-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3839
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 8/22/2010 4:37:23 AM | Computer Name = ACErias-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/14/2012 9:00:40 PM | Computer Name = ACErias-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \DR1.

Error - 9/15/2012 2:37:04 PM | Computer Name = ACErias-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 9/15/2012 11:42:01 PM | Computer Name = ACErias-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:12:28 AM on 9/16/2012 was unexpected.

Error - 9/19/2012 11:09:54 AM | Computer Name = ACErias-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 9/19/2012 11:40:49 AM | Computer Name = ACErias-PC | Source = bowser | ID = 8003
Description =

Error - 9/20/2012 2:13:33 AM | Computer Name = ACErias-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:39:12 PM on 9/20/2012 was unexpected.

Error - 9/20/2012 2:13:56 AM | Computer Name = ACErias-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 9/20/2012 2:13:56 AM | Computer Name = ACErias-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 9/20/2012 2:14:26 AM | Computer Name = ACErias-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056

Error - 9/20/2012 2:15:34 AM | Computer Name = ACErias-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >
  • 0

#14
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi skyace,

Step One: Uninstall P2P Programs

You are using peer-to-peer program(s), specifically BitTorrent and Vuze.
These are optional removals. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to remove them, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

  • Click Start and select Control Panel.
  • In Control Panel, select Programs and Features.
  • Select BitTorrent and Vuze and click Uninstall.

Step Two: Download and run AdwCleaner

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.


Once done, it will ask to reboot; allow this.
On reboot, a log will be produced; please attach that.

Step Three: Run chkdsk

Go to the Start Orb > All Programs > Accessories.
Right-click Command Prompt and select Run as administrator.
In the black box, type the following (note that there is a space before the C and after the :):

chkdsk C: /r

If it asks to do this at next boot - allow it to do so, then reboot.

Step Four: Scan with OTL

Run OTL
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.

What I need in your next post:
1. The AdwCleaner log.
2. The new OTL log, OTL.txt.
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





