
Unable to close: appdata roaming microsoft windows templates authz.exe


  • This topic is locked

#1
stevekp

    New Member

  • Member
  • Pip
  • 4 posts
Hi people. This command window keeps popping up, and I am not able to close it at all. Once I close it, it will relaunch itself again. Please help!!! Thank you.

Untitled.jpg

#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, stevekp, and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer becomes really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but the result should make you glad. ;)

Please, follow these steps:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.



#3
stevekp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL.TXT

OTL logfile created on: 10/2/2013 8:36:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve Phua\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.49 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 40.29% Memory free
6.98 Gb Paging File | 4.56 Gb Available in Paging File | 65.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 709.81 Gb Free Space | 76.21% Space Free | Partition Type: NTFS

Computer Name: STEVEPHUA-PC | User Name: Steve Phua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/10 08:36:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve Phua\Downloads\OTL.exe
PRC - [2013/02/09 20:42:44 | 000,013,824 | RH-- | M] (Microsoft Corporation) -- C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Templates\authz.exe
PRC - [2013/02/09 20:42:12 | 000,340,480 | RH-- | M] (Locktime Software) -- C:\Users\Steve Phua\AppData\Local\Temp\BioCredProv.exe
PRC - [2013/02/09 20:42:12 | 000,340,480 | ---- | M] (Locktime Software) -- C:\Users\Steve Phua\AppData\Roaming\a.exe
PRC - [2013/01/30 22:49:28 | 000,011,264 | RH-- | M] (Microsoft Corporation) -- C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Templates\CertPolEng.exe
PRC - [2013/01/21 03:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Steve Phua\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/10 14:17:29 | 064,032,768 | RHS- | M] (KMSnano) -- C:\Users\Steve Phua\AppData\Local\Temp\panmap.exe
PRC - [2012/12/25 14:06:42 | 000,246,560 | ---- | M] (Funshion) -- C:\Program Files\Common Files\FunshionLauncher\FSLauncher.exe
PRC - [2012/12/18 22:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/05 13:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/11/30 10:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/27 12:15:26 | 003,923,144 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\Funshion.exe
PRC - [2012/11/27 12:06:20 | 002,330,824 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\FunshionService.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/03 03:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/10/03 03:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/10/29 16:59:40 | 000,517,416 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
PRC - [2010/08/23 09:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/04/12 16:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/08/08 10:17:18 | 000,768,528 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/08/08 10:15:16 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\LBTWiz.exe
PRC - [2007/08/08 10:15:02 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
PRC - [2007/08/08 10:13:36 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2004/07/14 15:36:54 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2003/11/06 15:51:32 | 000,020,480 | ---- | M] () -- C:\Windows\System32\FSRremoS.EXE


========== Modules (No Company Name) ==========

MOD - [2013/01/26 10:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Steve Phua\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 10:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Steve Phua\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 10:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Steve Phua\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 10:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Steve Phua\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 10:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Steve Phua\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/10 03:29:21 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6225b8c909481df185b6eea08682a28b\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/10 03:25:08 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bc4b4530122d7def9d3ba0165b06536b\System.Data.ni.dll
MOD - [2013/01/10 03:24:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4a12f6f34f05a3e27f5ea4a72625e5f8\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:24:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\287e0f73a2bb79d6ba7f6141d6914bab\System.Drawing.ni.dll
MOD - [2013/01/10 03:24:27 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\98b49167a3373cf333d4c89ac47dcefb\System.ni.dll
MOD - [2013/01/10 03:24:18 | 011,493,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2866646f2e764e809451219352b63ef0\mscorlib.ni.dll
MOD - [2012/11/27 12:01:32 | 000,169,672 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\ptv.dll
MOD - [2012/11/27 12:01:24 | 000,298,696 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\lsv.dll
MOD - [2012/11/27 12:01:22 | 000,293,576 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\agentd.dll
MOD - [2012/11/27 12:01:20 | 000,240,128 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\ttv.dll
MOD - [2012/11/27 11:59:54 | 000,462,024 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\gma.dll
MOD - [2012/11/27 11:59:48 | 000,307,400 | ---- | M] () -- C:\Program Files\Funshion Online\Funshion\dump.dll
MOD - [2012/01/08 21:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
MOD - [2003/11/06 15:51:32 | 000,020,480 | ---- | M] () -- C:\Windows\System32\FSRremoS.EXE


========== Services (SafeList) ==========

SRV - [2013/02/09 01:00:10 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/28 10:29:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/25 14:06:18 | 000,073,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\FunshionLauncher\FunshionSvr.dll -- (FunshionSvr)
SRV - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/05 13:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/12/31 16:30:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/29 16:59:40 | 000,517,416 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 09:14:30 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\regedt32.exe -- (NOD32FiXTemDono)
SRV - [2007/08/08 10:15:02 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2012/11/12 04:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/03 23:59:20 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/04/12 16:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/26 16:27:36 | 000,015,240 | ---- | M] (www.ISRA.org.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\ProtectorA.sys -- (ProtectorA)
DRV - [2009/11/26 16:26:22 | 000,034,184 | ---- | M] (www.ISRA.org.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\Protector.sys -- (Protector)
DRV - [2009/11/06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/06/12 13:04:12 | 000,036,496 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/06/12 13:04:06 | 000,035,216 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2003/02/11 13:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 13:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Steve Phua\Documents\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.sg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-sg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 AF 16 43 96 C7 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {EC0B4DB6-43E7-4518-885C-41B0E7D42DEF}
IE - HKCU\..\SearchScopes\{05178291-CE66-4C53-8EFB-B8C777E5D641}: "URL" = http://websearch.ask...5A-91D05EFE9643
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{EC0B4DB6-43E7-4518-885C-41B0E7D42DEF}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "https://mail.google..../?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Steve Phua\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steve Phua\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steve Phua\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/02/03 22:59:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/02/02 09:59:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/28 10:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/28 10:29:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/12/31 15:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Phua\AppData\Roaming\Mozilla\Extensions
[2012/12/31 15:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Phua\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/12/14 21:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Phua\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/31 18:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Phua\AppData\Roaming\Mozilla\Firefox\extensions
[2011/12/31 18:40:05 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Steve Phua\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2013/02/09 20:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Phua\AppData\Roaming\Mozilla\Firefox\Profiles\3wss7rsy.default\extensions
[2012/12/14 22:00:13 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Steve Phua\AppData\Roaming\Mozilla\Firefox\Profiles\3wss7rsy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/09/03 00:53:06 | 000,002,343 | ---- | M] () -- C:\Users\Steve Phua\AppData\Roaming\Mozilla\Firefox\Profiles\3wss7rsy.default\searchplugins\askcom.xml
[2013/02/05 19:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/28 10:29:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/28 10:29:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/28 10:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/05 19:55:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\STEVE PHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3WSS7RSY.DEFAULT\EXTENSIONS\[email protected]
[2013/01/28 10:29:10 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 16:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 16:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Steve Phua\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Steve Phua\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Steve Phua\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\Steve Phua\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\Steve Phua\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Steve Phua\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\Steve Phua\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2011/03/23 18:49:18 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BOC ProcessProtect Class) - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\Windows\System32\ProcessProtection.dll (www.ISRA.org.cn)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files\RegTweaker\key.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Authorization Framework] C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Templates\authz.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Certificate Policy Engine] C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Templates\CertPolEng.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Steve Phua\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Funshion] C:\Program Files\Funshion Online\Funshion\Funshion.exe (Funshion Online Technologies Ltd.)
O4 - HKCU..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey File not found
O4 - HKCU..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - Startup: C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Steve Phua\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Steve Phua\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steve Phua\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bankofchina.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: boc.cn ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: boc.cn ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F274033-ADA4-4776-9A28-DD444823ADF7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/09 23:18:35 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\Desktop\MPEGII
[2013/02/09 22:40:04 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\Desktop\New folder
[2013/02/09 15:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/02/09 15:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/02/09 00:54:20 | 000,340,480 | ---- | C] (Locktime Software) -- C:\Users\Steve Phua\AppData\Roaming\a.exe
[2013/02/08 05:27:02 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\Documents\Windows
[2013/02/08 05:26:27 | 000,137,728 | ---- | C] (TechSmith Corporation) -- C:\Users\Steve Phua\AppData\Roaming\zp.exe
[2013/02/07 18:09:37 | 000,343,552 | ---- | C] (TechSmith Corporation) -- C:\Users\Steve Phua\AppData\Roaming\jp.exe
[2013/02/05 19:53:01 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\AppData\Roaming\TuneUp Software
[2013/02/03 01:46:48 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/02/03 00:43:47 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\Documents\Custom Office Templates
[2013/02/02 03:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/02/02 03:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/02/02 03:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/02/02 03:07:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/02/02 03:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/02/02 03:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/02/02 03:02:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/02/02 02:50:26 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\AppData\Roaming\AVG10
[2013/02/01 20:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2013/02/01 20:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2013/02/01 20:44:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2013/01/31 00:43:39 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\Documents\Services
[2013/01/31 00:06:59 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/30 23:47:13 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\AppData\Roaming\Prodiance
[2013/01/30 23:44:33 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\Documents\OneNote Notebooks
[2013/01/30 22:49:29 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\AppData\Roaming\dclogs
[2013/01/30 22:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/01/30 22:31:01 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\AppData\Roaming\ExpressFiles
[2013/01/28 10:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/27 21:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013/01/26 00:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion
[2013/01/26 00:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FunshionLauncher
[2013/01/20 17:42:31 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\Desktop\Lomography Lab
[2013/01/19 00:00:46 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/01/19 00:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/12/01 20:31:31 | 000,055,632 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve Phua\AppData\Roaming\sidebar.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/10 08:41:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/10 08:36:44 | 000,007,732 | ---- | M] () -- C:\Users\Steve Phua\funshion.ini
[2013/02/10 08:36:27 | 000,039,656 | ---- | M] () -- C:\Users\Steve Phua\AppData\Roaming\ambooks
[2013/02/10 08:16:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293250055-1403046024-1051360379-1000UA.job
[2013/02/10 08:11:13 | 109,535,996 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/02/10 08:00:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/10 08:00:01 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\Acrobat Update.job
[2013/02/10 06:08:01 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-293250055-1403046024-1051360379-1000UA.job
[2013/02/10 06:08:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-293250055-1403046024-1051360379-1000Core.job
[2013/02/09 23:17:38 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/09 23:17:38 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/09 20:42:12 | 000,340,480 | ---- | M] (Locktime Software) -- C:\Users\Steve Phua\AppData\Roaming\a.exe
[2013/02/09 20:33:41 | 000,020,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/09 20:33:41 | 000,020,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/09 20:26:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/09 20:25:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/09 20:25:39 | 2810,105,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/09 12:16:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293250055-1403046024-1051360379-1000Core.job
[2013/02/08 05:26:27 | 000,137,728 | ---- | M] (TechSmith Corporation) -- C:\Users\Steve Phua\AppData\Roaming\zp.exe
[2013/02/08 00:10:47 | 000,098,478 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013/02/07 22:35:22 | 000,343,552 | ---- | M] (TechSmith Corporation) -- C:\Users\Steve Phua\AppData\Roaming\jp.exe
[2013/02/07 22:08:50 | 000,001,456 | ---- | M] () -- C:\Users\Steve Phua\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/02 23:23:32 | 325,302,566 | ---- | M] () -- C:\Users\Steve Phua\Desktop\Chinatown & OOTD & Nonya Puff.zip
[2013/02/02 23:15:31 | 003,870,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/02 09:00:37 | 000,001,101 | ---- | M] () -- C:\Users\Steve Phua\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/02/02 02:56:59 | 000,629,730 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2013/02/01 20:41:35 | 000,000,370 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/31 03:12:18 | 000,000,000 | ---- | M] () -- C:\Users\Steve Phua\AppData\Roaming\cybergate.dat
[2013/01/29 23:45:17 | 000,001,058 | ---- | M] () -- C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/27 23:48:54 | 000,005,632 | ---- | M] () -- C:\Users\Steve Phua\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/27 21:31:32 | 535,449,541 | ---- | M] () -- C:\Users\Steve Phua\Desktop\Makeup + Product + OOTD + Sou Ji steamboat.zip
[2013/01/26 00:37:03 | 000,002,179 | ---- | M] () -- C:\Users\Steve Phua\Application Data\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk
[2013/01/26 00:37:03 | 000,001,232 | ---- | M] () -- C:\Windows\System32\funshion.ini
[2013/01/26 00:36:41 | 000,000,911 | ---- | M] () -- C:\Users\Steve Phua\AppData\Roaming\coreavc.ini
[2013/01/20 17:34:48 | 613,789,653 | ---- | M] () -- C:\Users\Steve Phua\Desktop\HITEA & CSHH & LOMO.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/10 08:11:13 | 109,535,996 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/02/09 15:01:48 | 000,005,702 | -H-- | C] () -- C:\Windows\nod32restoretemdono.reg
[2013/02/09 15:01:48 | 000,000,568 | -H-- | C] () -- C:\Windows\nod32fixtemdono.reg
[2013/02/08 00:10:47 | 000,098,478 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013/02/02 23:24:03 | 325,302,566 | ---- | C] () -- C:\Users\Steve Phua\Desktop\Chinatown & OOTD & Nonya Puff.zip
[2013/02/02 09:00:37 | 000,001,101 | ---- | C] () -- C:\Users\Steve Phua\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/02/02 02:56:59 | 000,629,730 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2013/01/31 03:12:18 | 000,000,000 | ---- | C] () -- C:\Users\Steve Phua\AppData\Roaming\cybergate.dat
[2013/01/30 22:53:18 | 000,039,656 | ---- | C] () -- C:\Users\Steve Phua\AppData\Roaming\ambooks
[2013/01/27 21:31:40 | 535,449,541 | ---- | C] () -- C:\Users\Steve Phua\Desktop\Makeup + Product + OOTD + Sou Ji steamboat.zip
[2013/01/20 17:34:24 | 613,789,653 | ---- | C] () -- C:\Users\Steve Phua\Desktop\HITEA & CSHH & LOMO.zip
[2012/12/02 16:26:38 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
[2012/12/02 16:26:38 | 000,020,480 | ---- | C] () -- C:\Windows\System32\FSRremoS.EXE
[2012/12/01 20:31:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/11/19 03:02:19 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/09/23 10:59:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/07 15:45:26 | 000,005,632 | ---- | C] () -- C:\Users\Steve Phua\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/20 10:05:51 | 000,000,370 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/03 23:11:52 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/08/03 23:11:52 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/07/13 22:45:36 | 000,001,456 | ---- | C] () -- C:\Users\Steve Phua\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/01/16 22:21:32 | 000,157,696 | ---- | C] () -- C:\Windows\System32\IS_VideoConverterContextMenu.dll
[2012/01/13 22:35:48 | 000,000,911 | ---- | C] () -- C:\Users\Steve Phua\AppData\Roaming\coreavc.ini
[2012/01/06 06:41:39 | 000,061,221 | ---- | C] () -- C:\Windows\System32\.exe
[2012/01/01 15:18:50 | 000,001,456 | ---- | C] () -- C:\Users\Steve Phua\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/31 22:48:55 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2011/12/31 20:49:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/12/31 20:49:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011/12/31 20:49:47 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/12/31 16:02:40 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/31 16:01:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/31 16:01:42 | 000,028,578 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/12/30 17:01:50 | 000,007,732 | ---- | C] () -- C:\Users\Steve Phua\funshion.ini
[2011/12/30 17:01:50 | 000,001,232 | ---- | C] () -- C:\Windows\System32\funshion.ini

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/15 09:20:09 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\AnvSoft
[2013/02/02 02:50:26 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\AVG10
[2012/11/18 09:47:04 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\avidemux
[2012/04/22 13:08:49 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\Canneverbe Limited
[2012/01/01 11:07:40 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/14 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\com.adobe.WidgetBrowser
[2013/02/08 23:55:33 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\dclogs
[2013/02/10 01:00:01 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\Dropbox
[2012/08/04 00:15:03 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\DVDVideoSoft
[2011/12/31 21:24:48 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/01/30 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\ExpressFiles
[2012/10/22 00:24:15 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\FileZilla
[2012/12/14 21:36:45 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\Flickr
[2013/01/02 11:46:37 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\Garmin
[2012/11/18 09:27:33 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\HandBrake
[2012/09/23 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\OfficeRecovery
[2012/09/23 12:54:10 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\OfficeRecovery.7489c827
[2012/05/19 14:59:21 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\Opera
[2013/01/30 23:47:30 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\Prodiance
[2012/02/16 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\Research In Motion
[2012/08/26 19:55:31 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/03 00:40:25 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\systweak
[2011/12/31 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\Tencent
[2012/12/31 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\TomTom
[2013/02/05 19:53:01 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\TuneUp Software
[2011/12/31 21:26:55 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\Ulead Systems
[2013/02/09 15:04:17 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\uTorrent
[2012/07/03 00:37:20 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\WinAVI

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C8A0A42D

< End of report >

#4
stevekp
EXTRAS.TXT

OTL Extras logfile created on: 10/2/2013 8:36:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve Phua\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.49 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 40.29% Memory free
6.98 Gb Paging File | 4.56 Gb Available in Paging File | 65.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 709.81 Gb Free Space | 76.21% Space Free | Partition Type: NTFS

Computer Name: STEVEPHUA-PC | User Name: Steve Phua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D3A638-A17B-4B15-8659-BAAB4A7BD5E8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BD0A530-62BC-4A50-A2DB-340BB567BCC3}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{0D2C6171-C2D9-457E-8318-FA893955DBAE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E1CC3F1-268D-4496-8C57-F72C27F1A7D7}" = lport=445 | protocol=6 | dir=in | app=system |
"{3BB51F71-1BC4-4229-B006-B44AB65F568D}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{46D22635-4B1E-428A-9847-FE39D095D3B0}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A353321-26B8-4289-A911-CB5E1DA57873}" = lport=138 | protocol=17 | dir=in | app=system |
"{4DF63075-0B52-40AD-97D0-A40845B728B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{57324B12-A9E1-4878-A06B-1296F5D5573D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6251FF2B-8BA1-47DD-89C5-AB48CD2B86FB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{70CCDC4D-9EC5-420D-909D-13FFF06B3882}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B9B6129-5781-4606-AB64-E8F5D0D40268}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{7D102BCD-E05C-4192-8712-1F17B00A713A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EC6D285-1BA8-4897-987F-6F4D489D74B4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8908758F-ADDA-4B39-84DA-87BF925E7F38}" = rport=138 | protocol=17 | dir=out | app=system |
"{8F75797D-2686-4542-AD03-EF08ED5A7261}" = rport=139 | protocol=6 | dir=out | app=system |
"{9CDD1022-BC2E-427E-A4F3-CB5507D7839F}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{9D07DB22-44A1-42D8-A051-3DBE8B5FCECD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA31192C-88F0-44A5-B46D-40D288AF4652}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B46AE36C-2FFB-44A5-A2C9-7413C994195E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C13F5337-EF6B-481A-B81C-6E6DD70699EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{CCF46EA0-E82A-4DAD-91F0-C8C4EBC2F591}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{CCFCCF4A-0938-41CA-AE74-4A63FB8ED63C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{D1996B00-C4A0-49C4-AA44-34D53B1F7E82}" = lport=139 | protocol=6 | dir=in | app=system |
"{D998D1E5-3148-4837-8DF4-4A41708C8794}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB965EB7-F500-499A-8CD4-696F88D49612}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{DFB04A32-A2A9-46C2-A110-141165056C90}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB5E8312-8F5D-48C0-B8C3-B095550A7556}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{F8445A7A-FC4E-4895-BA1D-AC97F09EB703}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{FAD12D39-2EC4-4B00-8CC8-C3CE155E06AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06393128-219D-4914-8EC9-E0FBA9647E50}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{06F8F59D-B291-4C4C-A034-9D2F2A072BAC}" = protocol=6 | dir=in | app=c:\users\steve phua\appdata\roaming\dropbox\bin\dropbox.exe |
"{08BB4CE3-945D-48BE-B888-930899F6D8A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DD8803C-0EBA-4FB4-88D6-D967E450819F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{0F4BB506-A3BA-45EF-BD95-32EA5544522E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1767A5A0-7E2E-4A49-A430-598C5A1D6248}" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"{1B60AC01-909E-4681-B21E-68CA674F7CCE}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{1DED1E81-D839-4C9E-AA5D-33761B9F96BC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C50D77A-9C5F-45ED-B17F-E29779FB1B66}" = protocol=6 | dir=out | app=system |
"{35F71E25-8084-46EA-AD36-12C1A6704261}" = protocol=17 | dir=in | app=c:\program files\kwmusic\bin\kwmusic.exe |
"{398D563C-47CE-436A-A641-E19F5D7F17F8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3E741BD5-8D7E-43BC-A176-FB82EE645944}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F97D3CF-E755-41BD-BA93-0DA82AF73CB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4145E537-880F-4F9B-8DDC-65376BB65E9A}" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"{4443AA09-CB3A-471D-914C-79565558D8F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4CFDBB11-78D5-4662-B6FF-E16EDFD91F30}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{4D931729-4D58-4A24-82DF-67174C75F93D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{581075F1-F145-4212-B09E-E9857D57A237}" = protocol=58 | dir=out | [email protected],-28546 |
"{59F26377-06FB-4168-94A0-3085E70D7A08}" = protocol=1 | dir=in | [email protected],-28543 |
"{5AF91531-296C-4344-BC83-DA3CE43EDD75}" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionservice.exe |
"{78CA298F-375A-42B0-B6BA-574E8C78D9C0}" = protocol=17 | dir=in | app=c:\users\steve phua\appdata\roaming\dropbox\bin\dropbox.exe |
"{7A69A737-D50D-4C95-9E8F-790ED78832EB}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{7CBCEA62-8C97-4A70-9D10-68AC0729699D}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{80E5C24F-798F-41A5-9784-60822D403B08}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8131DC00-0EA9-427A-92D0-E4B4CD43B38F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E75E5E9-48BB-4E3C-9594-BC3ECDA4835D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{8F03645D-A960-4F50-B2C4-5BF389622543}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{91B5AB8B-C77C-4340-9682-4B2BAD5F5CB0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{91DD45AC-9C93-45C4-8575-BDEBBAA8418C}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{93A5E3AB-42DD-4BCA-91C8-2F53C90F2A63}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{98D36C00-BE05-49AC-9086-4961F4D7B3BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0DD97D0-B3F5-4092-8467-818B9AA1962E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{A7F70045-BD03-43D9-B79B-3C2BED4FA269}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{AFA70CA6-49D5-4D77-BFE0-A6B41B89BE20}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{B15AF566-1E91-4216-8DAF-05806F2E55D5}" = protocol=6 | dir=in | app=c:\program files\kwmusic\bin\kwmusic.exe |
"{B5718FC2-D13D-406D-A4FE-B6222B0B7DC2}" = protocol=6 | dir=in | app=c:\program files\kwmusic\bin\kwmv.exe |
"{B58A4C98-D62A-4616-9072-81E63BBE677A}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{B5FFE97D-1FD9-401A-8A2F-15CCB198FC1D}" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"{B61DAEE8-81F5-44B0-8209-3ED64C4DE836}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B67819FA-9094-4DC4-86E1-73FAC06AAB63}" = protocol=17 | dir=in | app=c:\program files\funshion online\funshion\funshionupgrade.exe |
"{B87090B9-7229-4447-A7A3-0EE97FF965FA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B88C88D1-C0C5-4540-922B-722A91654C0D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B9371314-9A57-4FBC-9DD0-6F0CF287BAFF}" = protocol=1 | dir=out | [email protected],-28544 |
"{BC183C3D-E56C-4784-BC4C-01EDCC718AB1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{C008403E-4567-427F-8965-48371974CCE2}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{C01E26C7-23ED-4AEF-BBF5-34F96C41EEA3}" = protocol=58 | dir=in | [email protected],-28545 |
"{C1C589BA-7669-4D56-B72A-8168685EA775}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C5B7EB51-03EF-476B-AC64-6ECC118621AA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CC8966E2-5EE0-4404-AA1F-7FEF2402C1DA}" = protocol=6 | dir=in | app=c:\program files\funshion online\funshion\funshionupgrade.exe |
"{CE60C4A9-F733-4B05-A467-E217313B8339}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D1CE2114-4485-4A5F-8ADD-6EEDBEE2B510}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{D2D2EAE5-AED2-4ED5-B145-2089C1A9B20D}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{D342879A-E87B-49A6-8D78-37EC75819F87}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E4EDE0E7-725A-4E28-8849-40B300186AC9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{E590F73D-634E-4389-BB1B-ABF8FA775A6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA4A59A1-BF9B-4493-B5AD-BABC5625EFC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA7DA68C-1A9E-421A-8C1A-F69E4AD9D303}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F2E0A91E-833E-4667-88D1-0F4334172C97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F4113BDF-D581-44DE-BEED-BF0ED9F7F32D}" = dir=in | app=c:\users\steve phua\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{F6EE7611-7B15-484A-8FCF-38A5BED0A539}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FB2B94F9-9A05-43A9-AFD2-3DB57FAC27E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FB72684A-530E-4D08-A6E3-E5BA2967371E}" = protocol=17 | dir=in | app=c:\program files\kwmusic\bin\kwmv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series" = Canon MX350 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{1E58B969-9BB4-4012-8D8B-D06005D1CD24}" = TP-LINK Wireless Client Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 39
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F32329A-CE69-45CB-9BC2-1E554A5A5868}" = AVG 2011
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{466B8FC6-8D80-4DA1-BA2D-EC7094BD3C31}" = Corel VideoStudio Pro Title Pack
"{46EA439E-2D16-49B6-AA80-00DE992FE7CE}" = Microsoft Windows Debugging Symbols
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55115B99-1B96-479E-AFD6-CE17FC9F94B5}" = AVG 2011
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{58f16433-9730-4f3a-b985-12bb07fed941}" = Nero MediaHome 4 Essentials
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76423878-BF55-4C2F-AC25-2A82CE9AFB7A}" = Windows 7 Logon Background Changer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80A17ED7-059E-40FF-B5D6-F37C737CA693}" = Adobe Photoshop Lightroom 4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA
"{AB73C4E6-0184-4CF8-B17E-30D60167F41D}" = BlackBerry Device Software v7.0.0 for the BlackBerry 9900 smartphone
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share
"{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO
"{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM
"{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.3
"AVG" = AVG 2011
"Avisynth" = AviSynth 2.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"BOCNET Security Applet_is1" = BOCNET Security Applet 1.5
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Free Studio_is1" = Free Studio version 5.3.5
"Funshion" = Funshion
"GoldWave v5.55" = GoldWave v5.55
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"iSkysoft Video Converter_is1" = iSkysoft Video Converter(Build 3.1.1.0)
"KigoVideoConverter_is1" = KigoVideoConverter 1.1.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"SubtitleWorkshop" = Subtitle Workshop 2.51
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.11
"VobSub" = VobSub 2.23
"Win AVI HelixSDK_is1" = Win AVI HelixSDK
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2013 7:46:35 AM | Computer Name = StevePhua-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17

Error - 9/2/2013 7:46:35 AM | Computer Name = StevePhua-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 9/2/2013 7:46:35 AM | Computer Name = StevePhua-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 9/2/2013 7:46:35 AM | Computer Name = StevePhua-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 9/2/2013 7:46:35 AM | Computer Name = StevePhua-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 9/2/2013 7:46:35 AM | Computer Name = StevePhua-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 9/2/2013 7:46:35 AM | Computer Name = StevePhua-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 9/2/2013 7:46:35 AM | Computer Name = StevePhua-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 9/2/2013 8:26:39 AM | Computer Name = StevePhua-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NMMediaServerService.exe, version: 4.5.9.104,
time stamp: 0x4ccad75a Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00047732 Faulting
process id: 0x9e4 Faulting application start time: 0x01ce06c0a36e1bc0 Faulting application
path: C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: f36bfd7c-72b3-11e2-9bc3-0009dd5088cd

Error - 9/2/2013 10:34:58 AM | Computer Name = StevePhua-PC | Source = Dvd Maker | ID = 155649001
Description = The Dvd Maker engine returned an error code (-47001) when burning
the disc.

[ System Events ]
Error - 24/11/2012 9:47:40 PM | Computer Name = StevePhua-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 24/11/2012 9:48:45 PM | Computer Name = StevePhua-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR7.

Error - 24/11/2012 9:48:47 PM | Computer Name = StevePhua-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR7.

Error - 24/11/2012 9:48:55 PM | Computer Name = StevePhua-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR9.

Error - 24/11/2012 9:48:56 PM | Computer Name = StevePhua-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR9.

Error - 24/11/2012 9:48:56 PM | Computer Name = StevePhua-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR9.

Error - 24/11/2012 9:48:57 PM | Computer Name = StevePhua-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR9.

Error - 24/11/2012 9:48:58 PM | Computer Name = StevePhua-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR9.

Error - 24/11/2012 9:49:00 PM | Computer Name = StevePhua-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR10.

Error - 24/11/2012 9:49:02 PM | Computer Name = StevePhua-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR10.


< End of report >

Edited by stevekp, 09 February 2013 - 07:44 PM.

  • 0

#5
stevekp

    New Member

  • Topic Starter
  • Member
  • 4 posts

Hello, stevekp and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please, let me know, if you don't understand something. It is really important to understand any instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions, if you aren't sure.

Please, be patient. You should stay here until your computer will become really clean. Malware Removal isn't very fast procedure, it usually has multiple steps, but result should be glad.;)

Please, follow these steps:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Hi! Thank you for your assistance. I have copied both txt files in the responses above. Hope to receive your guidance soon.
  • 0

#6
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello,

Please, wait for a while. The fix is coming soon.
  • 0

#7
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, let's start the cleaning procedure! Let's remove that annoying authz.exe from startup first, as well as check your system legitimacy and change your passwords, because they could be stolen by Backdoor.

Do you know anything about these folders?

C:\Users\Steve Phua\AppData\Roaming\Prodiance
C:\Users\Steve Phua\Documents\Windows
C:\Users\Steve Phua\Documents\Services


uTorrent Warning

I have noticed, that you use P2P-programs. I strongly recommend you remove them, because P2P-networks are one of the biggest sources of malware. You can pick up a trojan horse / adware / spyware / worm / virus / etc. in illegal downloads from these networks, such as

  • cracks, serials, keygens, cracked programs
  • torrents
  • music
  • movies
  • disc images (.iso files)

Please, always be cautious, what you are downloading. Always scan newly downloaded files with your antivirus software (there should be a context menu item) or on VirusTotal.

Remember, that we won't help you with P2P-programs, except with their removal.


Backdoor warning.

Your computer is infected with Backdoor.

What is Backdoor?

Backdoor is malware, which allows another person to remotely control your computer, so this infection can execute files, download files from the internet or steal your data.

How can you deal with this infection?

We can clean this infection. However, we aren't sure, that you can trust your computer even after removal of this infection. So, there is only one way to completely remove this infection - format your hard drive and reinstall Windows.

Please, read info here to learn more, why you need to reinstall Windows.

So, If you decided to format hard drive and reinstall Windows, please, let me know about it. If you didn't, please, follow these steps:

Step 1. Change of the passwords.

Your computer was infected with PSW trojan - malware, which steals your personal and confidential data, such as passwords. So, please, change all your passwords from:

  • Internet Banks
  • FTP-servers
  • Web-hosting
  • Social networks
  • Forums
  • E-mails
  • Other websites
  • IM-Messengers (Skype/ICQ/AOL/etc.)
  • etc.

Step 2. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes
    KILLALLPROCESSES
    
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
    IE - HKCU\..\SearchScopes\{05178291-CE66-4C53-8EFB-B8C777E5D641}: "URL" = http://websearch.ask...5A-91D05EFE9643
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
    FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00
    [2012/09/03 00:53:06 | 000,002,343 | ---- | M] () -- C:\Users\Steve Phua\AppData\Roaming\Mozilla\Firefox\Profiles\3wss7rsy.default\searchplugins\askcom.xml
    O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files\RegTweaker\key.dll File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [Authorization Framework] C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Templates\authz.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Certificate Policy Engine] C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Templates\CertPolEng.exe (Microsoft Corporation)
    [2013/02/09 00:54:20 | 000,340,480 | ---- | C] (Locktime Software) -- C:\Users\Steve Phua\AppData\Roaming\a.exe
    [2013/02/08 05:26:27 | 000,137,728 | ---- | C] (TechSmith Corporation) -- C:\Users\Steve Phua\AppData\Roaming\zp.exe
    [2013/02/07 18:09:37 | 000,343,552 | ---- | C] (TechSmith Corporation) -- C:\Users\Steve Phua\AppData\Roaming\jp.exe
    [2013/01/30 22:49:29 | 000,000,000 | ---D | C] -- C:\Users\Steve Phua\AppData\Roaming\dclogs
    [2013/01/30 22:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2013/01/31 03:12:18 | 000,000,000 | ---- | M] () -- C:\Users\Steve Phua\AppData\Roaming\cybergate.dat
    [2012/01/06 06:41:39 | 000,061,221 | ---- | C] () -- C:\Windows\System32\.exe
    [2013/01/30 22:53:18 | 000,039,656 | ---- | C] () -- C:\Users\Steve Phua\AppData\Roaming\ambooks
    [2012/07/03 00:40:25 | 000,000,000 | ---D | M] -- C:\Users\Steve Phua\AppData\Roaming\systweak
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:FB1B13D8
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C8A0A42D
    
    :Files
    C:\Program Files\RegTweaker
    C:\Users\Steve Phua\AppData\Local\Temp\panmap.exe
    C:\Users\Steve Phua\AppData\Local\Temp\BioCredProv.exe
    
    :Commands
    [RESETHOSTS]
    [REBOOT]
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step 3. WGA Check.

  • Download WGA Diagnostic Tool here to your Desktop.
  • Double-click it.
  • Click Continue button.
  • Click Copy button.
  • Paste the log in your next message.


So, please, don't forget to post in your next message:

  • WGA Diagnostic Tool log
  • OTL log
  • Answers to my questions

  • 0
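The Run-key entries removed in the fix above share a pattern that can be checked mechanically when reading an OTL log. The following is an added example, not part of the thread and not OTL's own code: it parses `O4 - ...\Run` lines and flags autostart targets that sit in a user-writable directory, claim Microsoft as vendor, or no longer exist. It assumes the company name OTL prints in parentheses is unverified file metadata; the `ExampleTray` line is constructed, and the other four lines are copied from the fix script.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Four O4 lines copied from the fix script in the post above, plus one
# constructed benign entry (ExampleTray) for contrast.
SAMPLE = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Authorization Framework] C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Templates\authz.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Certificate Policy Engine] C:\Users\Steve Phua\AppData\Roaming\Microsoft\Windows\Templates\CertPolEng.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Vendor)
"""

# "O4 - <hive>..\Run: [<value name>] <target>"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
# "<path> (<company>)": the last parenthesised group is the company string.
TARGET = re.compile(r"^(?P<path>.*\S)\s+\((?P<company>[^()]*)\)$")
MISSING = "File not found"

# Directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


@dataclass
class RunEntry:
    hive: str
    name: str
    path: Optional[str]
    company: str
    missing: bool


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Extract every Run-key autostart entry from OTL log text."""
    entries = []
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"].strip()
        if rest.endswith(MISSING):
            path = rest[: -len(MISSING)].strip() or None
            entries.append(RunEntry(m["hive"], m["name"], path, "", True))
            continue
        t = TARGET.match(rest)
        path, company = (t["path"], t["company"]) if t else (rest, "")
        entries.append(
            RunEntry(m["hive"], m["name"], path.strip('"'), company, False)
        )
    return entries


def triage(entry: RunEntry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty if none)."""
    reasons = []
    if not entry.name:
        reasons.append("empty value name")
    if entry.missing:
        reasons.append("target file not found: stale autostart entry")
        return reasons
    path = entry.path.lower()
    in_profile = any(marker in path for marker in USER_WRITABLE)
    if in_profile:
        reasons.append("autostart target in a user-writable directory")
    # The company string is metadata any file can carry, so a Microsoft
    # claim on a binary outside the system directories proves nothing.
    if in_profile and "microsoft" in entry.company.lower():
        reasons.append("claims Microsoft as vendor but starts from the user profile")
    return reasons


def flag_run_entries(log_text: str) -> Dict[str, List[str]]:
    """Map value name -> reasons, for entries with at least one reason."""
    flagged = {}
    for entry in parse_run_entries(log_text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_run_entries(SAMPLE).items():
        print(f"[{name or '<empty>'}]")
        for reason in reasons:
            print(f"    - {reason}")
```

A flag here is a prompt for review, not a verdict: some legitimate software also starts from the user profile, as the Dropbox firewall rules in the log above show.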

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





