
Can't open my Regedit and Task Manager



#1
frichieny

  • Member
  • 192 posts
And I can't remove the Active Desktop Recovery hehe
And my Malwarebytes always blocks some IPs. Website: 222.186.101.77 Type: outgoing
I'm sorry if I am going to waste your time on me, so thank you very much if you helped me :(




OTL logfile created on: 4/16/2013 2:00:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.06% Memory free
3.85 Gb Paging File | 2.79 Gb Available in Paging File | 72.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.15 Gb Total Space | 3.29 Gb Free Space | 5.37% Space Free | Partition Type: NTFS
Drive D: | 87.89 Gb Total Space | 4.18 Gb Free Space | 4.76% Space Free | Partition Type: NTFS

Computer Name: DELACRUZ | User Name: Dela Cruz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/16 13:59:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\OTL.exe
PRC - [2013/04/16 13:47:33 | 000,528,398 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Windows\Data\cgminer.exe
PRC - [2013/04/15 19:48:36 | 004,068,864 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Windows\razorp.exe
PRC - [2013/04/10 17:22:41 | 009,802,032 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe
PRC - [2013/04/09 16:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/04/05 22:59:25 | 000,087,344 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\GarenaTalkOverlay.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/03 21:40:49 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\ouc.exe
PRC - [2013/03/28 17:32:38 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/12/27 20:44:14 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/12/12 21:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/11/14 08:50:14 | 003,540,416 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2012/09/21 14:46:21 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012/06/03 18:08:02 | 000,038,088 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2011/10/19 12:13:44 | 000,323,912 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\vc10tray.exe
PRC - [2011/10/19 12:13:38 | 000,411,976 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10Play.exe
PRC - [2011/10/19 12:13:38 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe
PRC - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
PRC - [2011/02/21 13:22:27 | 000,253,483 | ---- | M] (SHADOWDEFENDER.COM) -- C:\Program Files\Shadow Defender\DefenderDaemon.exe
PRC - [2008/04/14 05:42:20 | 001,551,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/16 13:47:35 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Windows\Data\zlib1.dll
MOD - [2013/04/16 13:47:34 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Windows\Data\libidn-11.dll
MOD - [2013/04/16 13:47:33 | 000,528,398 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Windows\Data\cgminer.exe
MOD - [2013/04/15 19:48:36 | 004,068,864 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Windows\razorp.exe
MOD - [2013/04/11 10:50:20 | 000,027,952 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\VersionModule.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:23:06 | 000,955,696 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\XLL.dll
MOD - [2013/04/10 17:23:02 | 000,236,336 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\PluginNews.dll
MOD - [2013/04/10 17:23:01 | 000,816,944 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\ggplugin.dll
MOD - [2013/04/10 17:23:00 | 000,436,528 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\GarenaTalkPlugin.dll
MOD - [2013/04/10 17:23:00 | 000,286,000 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\DailyTaskPlugin.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\libmpg123.dll
MOD - [2013/04/10 17:22:48 | 000,794,928 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\gagmhook.dll
MOD - [2013/04/10 17:22:41 | 009,802,032 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe
MOD - [2013/04/09 16:57:07 | 000,390,096 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 16:57:06 | 013,130,704 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 16:57:05 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 16:56:13 | 001,606,096 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/04/05 22:59:25 | 001,891,120 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\Overlay.dll
MOD - [2013/04/05 22:59:25 | 000,087,344 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\GarenaTalkOverlay.exe
MOD - [2013/04/03 21:40:51 | 001,148,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\QtNetwork4.dll
MOD - [2013/04/03 21:40:51 | 000,398,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\QtXml4.dll
MOD - [2013/04/03 21:40:51 | 000,384,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\QueryStrategy.dll
MOD - [2013/04/03 21:40:50 | 002,415,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\QtCore4.dll
MOD - [2013/04/03 21:40:49 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\ouc.exe
MOD - [2013/04/03 21:40:49 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\libgcc_s_dw2-1.dll
MOD - [2013/04/03 21:40:49 | 000,011,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\mingwm10.dll
MOD - [2013/03/13 18:06:04 | 001,543,984 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\FileSender.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\CxImage.dll
MOD - [2013/02/28 17:17:36 | 000,188,208 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ggspawn.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\DibModule.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\CommonLib.dll
MOD - [2013/01/24 19:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files\BrowseToSave\sprotector.dll
MOD - [2013/01/16 18:30:17 | 000,098,608 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\PlatformPlugin.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\TaskManagerLib.dll
MOD - [2012/12/27 11:34:07 | 000,181,760 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\ggspawn.dll
MOD - [2012/12/01 22:19:08 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/12/01 22:18:52 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/12/01 22:18:38 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/12/01 22:18:29 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/09/13 14:19:19 | 000,048,640 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\XmlUIModule.dll
MOD - [2012/08/31 03:10:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2012/07/27 14:59:42 | 000,010,240 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\ClientTcp.dll
MOD - [2012/07/27 14:59:28 | 000,061,952 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\UdtLib.dll
MOD - [2012/06/03 18:08:02 | 000,623,816 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
MOD - [2012/06/03 18:08:02 | 000,038,088 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
MOD - [2012/06/03 18:04:22 | 000,013,824 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
MOD - [2012/06/03 18:04:18 | 000,046,592 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WebParser.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ServerMemAlloc.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\RSALib.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\MP3Module.dll
MOD - [2012/02/22 16:52:16 | 000,122,136 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ggcode.dll
MOD - [2011/10/18 09:54:24 | 000,097,792 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\CommonLib.dll
MOD - [2011/10/18 09:54:24 | 000,056,832 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\PluginKernel.dll
MOD - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/08/18 16:11:24 | 001,237,504 | ---- | M] () -- C:\Program Files\Virtual CD v10\System\vorbis.dll
MOD - [2008/08/18 16:08:10 | 000,050,688 | ---- | M] () -- C:\Program Files\Virtual CD v10\System\ogg.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/01/31 11:33:24 | 000,032,768 | ---- | M] () -- C:\Program Files\Vtune\TBPanelExt.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/04 12:38:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/03 21:40:49 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Smart Bro\UpdateDog\ouc.exe -- (Smart Bro. RunOuc)
SRV - [2013/03/14 15:57:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/09/21 14:46:21 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/31 03:10:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/11 08:06:10 | 000,077,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/04/11 07:59:14 | 000,542,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/04/03 02:46:58 | 000,329,544 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011/11/16 02:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/10/19 12:13:38 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/10 03:14:50 | 000,013,816 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\WINDOWS\system32\unikey.sys -- (phunter)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/04/03 21:40:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2013/04/03 21:40:51 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/04/03 21:40:51 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/04/03 21:40:51 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2013/02/22 15:17:04 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/02/22 15:17:04 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/02/05 17:52:46 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012/12/06 01:13:58 | 000,022,112 | -HS- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Room\safedrv.sys -- (GGSAFERDriver)
DRV - [2012/11/22 08:43:14 | 000,112,480 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2012/08/24 15:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/04/11 23:40:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012/04/07 02:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/02/22 18:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/11 14:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/04/19 08:52:48 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2011/03/31 19:36:10 | 000,204,384 | ---- | M] (SHADOWDEFENDER.COM) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\diskpt.sys -- (diskpt)
DRV - [2010/03/10 17:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HH10Help.sys -- (HH10Help.sys)
DRV - [2009/09/16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2008/04/17 16:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/02/15 15:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 12:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 12:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 20:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hel...265&lg=EN&cc=PH
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.hel...265&lg=EN&cc=PH

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP62
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/110
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org...xr&chid=c162341
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hel...265&lg=EN&cc=PH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://www.msn.com/?...=OIE8HP&PC=UP62
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.hel...265&lg=EN&cc=PH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://websearch.hel...N&cc=PH&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://websearch.hel...65&lg=EN&cc=PH"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..keyword.URL: "http://websearch.hel...N&cc=PH&l=1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Documents and Settings\Dela Cruz\Application Data\raidcall\plugins\webplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/04 12:39:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Dela Cruz\Application Data\IDM\idmmzcc5 [2013/01/17 22:23:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Dela Cruz\Application Data\IDM\idmmzcc5 [2013/01/17 22:23:43 | 000,000,000 | ---D | M]

[2012/06/05 14:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Extensions
[2013/04/16 12:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions
[2013/04/04 14:16:48 | 000,000,000 | ---D | M] (BRowsE2soave) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]
[2013/04/16 12:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\staged
[2012/09/25 20:35:42 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]
[2013/04/16 12:58:13 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\searchplugins\WebSearch.xml
[2012/06/11 23:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/21 14:08:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/11 23:20:54 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/04/04 12:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/04/04 12:38:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/04 12:38:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/04 12:38:55 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://websearch.hel...265&lg=EN&cc=PH
CHR - Extension: No name found = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: No name found = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kkhkehkllpkocgnlbkmpkcicednmbfnp\2_0\
CHR - Extension: No name found = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: No name found = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/10 16:45:13 | 000,000,788 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Shadow Defender Daemon] C:\Program Files\Shadow Defender\DefenderDaemon.exe (SHADOWDEFENDER.COM)
O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [GarenaPlus] D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [razorp] C:\Documents and Settings\Dela Cruz\Application Data/Windows/razorp.exe ()
O4 - HKCU..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Dela Cruz\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECEEA181-E40C-4D41-B6BE-B7940798E869}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\Program Files\BrowseToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dela Cruz\My Documents\Downloads\9gag.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/05 13:00:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/04/15 18:57:52 | 000,000,025 | -HS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/11/07 19:49:08 | 000,001,331 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O32 - AutoRun File - [2012/08/03 05:24:44 | 000,899,584 | ---- | M] () - D:\AutoHotkey.exe -- [ NTFS ]
O33 - MountPoints2\{07cfae90-9c64-11e2-842b-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{07cfae90-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07cfae90-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{07cfae93-9c64-11e2-842b-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{07cfae93-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07cfae93-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{12ee8539-a148-11e2-8437-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{12ee8539-a148-11e2-8437-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12ee8539-a148-11e2-8437-0024215b0d23}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{388cb639-058b-11e2-a8d9-0024215b0d23}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{8a6cf41f-a0ad-11e2-8435-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{8a6cf41f-a0ad-11e2-8435-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a6cf41f-a0ad-11e2-8435-0024215b0d23}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{b8d839e9-2d7e-11e2-a8eb-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{b8d839e9-2d7e-11e2-a8eb-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b8d839e9-2d7e-11e2-a8eb-0024215b0d23}\Shell\AutoRun\command - "" = F:\steambackup2.EXE
O33 - MountPoints2\{c79442ca-fe07-11d5-a8ca-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{c79442ca-fe07-11d5-a8ca-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c79442ca-fe07-11d5-a8ca-0024215b0d23}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/16 13:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\Malwarebytes
[2013/04/16 13:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/16 13:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/04/16 13:35:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/16 13:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/16 13:32:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/04/16 13:15:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dela Cruz\Recent
[2013/04/16 13:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\Windows
[2013/04/16 13:03:06 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/04/16 12:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Searcch-NeewaTabb
[2013/04/16 12:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Barowse2sAvvee
[2013/04/16 12:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Barowse2sAvvee
[2013/04/16 12:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\X86
[2013/04/16 12:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Solibo Ltd
[2013/04/16 12:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Solibo Ltd
[2013/04/16 12:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AMD64
[2013/04/16 12:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Age of Empires 2 HD Edition
[2013/04/15 17:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Desktop\CryptLoad_1.1.8
[2013/04/10 03:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Start Menu\Programs\DC-Unlocker
[2013/04/10 03:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Desktop\DC-Unlocker
[2013/04/10 03:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\pocketwifi
[2013/04/10 03:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\pocketwifi
[2013/04/04 15:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
[2013/04/04 14:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SoftSafe
[2013/04/04 14:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\BrowseToSave
[2013/04/04 14:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BRowsE2soave
[2013/04/04 14:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BRowsE2soave
[2013/04/04 14:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/04/04 02:38:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/04/04 02:34:18 | 000,181,784 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2013/04/04 02:34:17 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2013/04/04 02:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MyFree Codec
[2013/04/04 01:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2013/04/04 01:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\NativeFus_Log
[2013/04/04 01:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Samsung
[2013/04/04 01:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\Samsung
[2013/04/04 01:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\My Documents\samsung
[2013/04/03 21:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Bro
[2013/04/03 21:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Smart Bro
[2013/04/03 21:41:08 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2013/04/03 21:41:08 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2013/04/03 21:41:08 | 000,194,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2013/04/03 21:41:08 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2013/04/03 21:41:08 | 000,090,368 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2013/04/03 21:41:08 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2013/04/03 21:41:08 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2013/04/03 21:41:08 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2013/04/03 21:41:08 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2013/04/03 21:41:08 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2013/04/03 21:41:08 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2013/04/03 21:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Bro
[2013/04/03 21:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2013/03/28 22:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/03/21 16:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\iFunbox_UserCache
[2013/03/21 16:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\i-Funbox DevTeam
[2013/03/21 16:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\i-Funbox DevTeam
[2013/03/20 13:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\.minecraft
[2013/03/18 15:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2013/03/18 15:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/16 13:56:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/16 13:44:53 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2013/04/16 13:44:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/16 13:35:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/16 13:33:49 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Dela Cruz\ntuser.pol
[2013/04/16 13:21:31 | 000,201,802 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\poclbm130302GeForce 9500 GTv1w256l4.bin
[2013/04/16 13:18:34 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/16 13:08:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003UA.job
[2013/04/16 12:47:46 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires 2 HD Edition.lnk
[2013/04/16 12:20:01 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003UA.job
[2013/04/16 12:20:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003Core.job
[2013/04/14 22:31:17 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Age of Empires II HD.lnk
[2013/04/14 21:58:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/12 05:18:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/12 01:08:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003Core.job
[2013/04/10 13:19:53 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Shortcut to vlc.lnk
[2013/04/10 08:13:28 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/10 08:13:28 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Google Chrome.lnk
[2013/04/10 03:14:50 | 000,013,816 | ---- | M] () -- C:\WINDOWS\System32\unikey.sys
[2013/04/10 03:14:45 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Microsoft\Internet Explorer\Quick Launch\dc-unlocker client.lnk
[2013/04/06 02:31:38 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/04 15:02:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/04 03:09:36 | 000,002,759 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\.TransferManager.db
[2013/04/04 02:23:32 | 000,504,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/04 02:23:32 | 000,088,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/04 02:07:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2013/04/03 21:41:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/03 21:41:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013/04/03 21:40:51 | 000,861,696 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2013/04/03 21:40:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2013/04/03 21:40:51 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2013/04/03 21:40:51 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2013/04/03 21:40:51 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2013/04/03 21:40:51 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2013/04/03 21:40:51 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2013/04/03 21:40:51 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2013/04/03 21:40:51 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2013/04/03 21:40:51 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2013/04/03 21:40:51 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2013/03/26 12:29:56 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\My Documents\AutoHotkey.ahk
[2013/03/25 23:31:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/22 10:32:42 | 134,528,834 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Block Fortress (v1.0.1 3GS Univ os43)-[CrackLords]-B_H.ipa
[2013/03/21 16:01:02 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iFunbox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/16 13:35:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/16 13:33:17 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Dela Cruz\ntuser.pol
[2013/04/16 13:21:31 | 000,201,802 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\poclbm130302GeForce 9500 GTv1w256l4.bin
[2013/04/16 13:18:34 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/16 12:47:46 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires 2 HD Edition.lnk
[2013/04/14 22:31:17 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Desktop\Age of Empires II HD.lnk
[2013/04/10 13:19:53 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Desktop\Shortcut to vlc.lnk
[2013/04/10 03:12:40 | 000,013,816 | ---- | C] () -- C:\WINDOWS\System32\unikey.sys
[2013/04/10 03:12:28 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Application Data\Microsoft\Internet Explorer\Quick Launch\dc-unlocker client.lnk
[2013/04/04 03:09:36 | 000,002,759 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\.TransferManager.db
[2013/04/04 02:07:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2013/04/03 21:41:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/03 21:41:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013/03/22 10:03:01 | 134,528,834 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Desktop\Block Fortress (v1.0.1 3GS Univ os43)-[CrackLords]-B_H.ipa
[2013/03/21 16:01:02 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iFunbox.lnk
[2013/03/18 15:37:14 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\My Documents\AutoHotkey.ahk
[2013/03/01 18:41:32 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/03/01 18:41:32 | 000,004,198 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2013/02/05 17:52:54 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013/01/15 19:58:31 | 000,000,320 | ---- | C] () -- C:\WINDOWS\con_34195430.ini
[2013/01/03 17:38:34 | 000,758,465 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-1659004503-725345543-1003-0.dat
[2013/01/03 17:38:31 | 000,287,434 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/29 19:19:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2012/12/05 15:45:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/10/09 10:25:44 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/08/01 00:46:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\fusioncache.dat
[2012/07/13 16:41:14 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/01 14:46:41 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2012/07/01 01:40:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2012/06/05 20:51:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/06/05 17:18:44 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/05 17:01:53 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/05 17:01:53 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/05 17:01:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/06/05 16:55:34 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/06/05 14:22:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\diskpt.dat
[2012/06/05 14:09:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/05 13:33:25 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2012/06/05 13:30:08 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/06/05 13:28:11 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/06/05 13:02:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/06/05 12:58:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/06/05 13:31:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 003,682,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/06/11 19:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/04/16 13:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barowse2sAvvee
[2012/12/16 21:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2013/04/16 13:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BRowsE2soave
[2012/11/25 23:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Caphyon
[2012/11/14 00:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/04/10 03:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2012/09/13 16:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2013/01/22 01:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garena
[2013/04/16 13:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2012/06/11 23:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hotspot Shield
[2013/04/16 12:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/03/29 14:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2012/12/20 15:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/12/05 15:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2013/04/04 02:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2013/04/16 13:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Searcch-NeewaTabb
[2013/04/03 21:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Bro
[2013/04/04 14:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftSafe
[2012/06/11 19:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/12/31 22:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2012/12/01 22:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
[2013/02/09 19:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/03/20 13:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\.minecraft
[2012/12/01 22:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\AnvSoft
[2012/12/02 00:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Audacity
[2013/01/28 17:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\B1Toolbar
[2012/06/11 15:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Camfrog
[2012/11/14 07:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\DAEMON Tools Lite
[2013/04/16 12:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\DMCache
[2013/03/01 18:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Enterbrain
[2013/03/01 18:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\FFSJ
[2012/10/09 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\FreeBurner
[2013/01/22 01:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Garena
[2013/04/16 13:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\GarenaPlus
[2012/12/01 22:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\HandBrake
[2013/04/16 13:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\IDM
[2013/03/22 10:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\iFunbox_UserCache
[2012/07/01 01:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\LolClient
[2012/06/05 17:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\LolClient2
[2012/12/30 20:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\ManyCam
[2012/09/30 03:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\PowerISO
[2012/07/13 16:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\raidcall
[2012/06/05 15:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Rainmeter
[2013/02/10 13:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\redsn0w
[2013/04/04 01:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Samsung
[2012/06/05 14:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Shadow Defender
[2012/12/31 18:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\SystemRequirementsLab
[2013/01/05 00:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\TeamViewer
[2013/03/10 20:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Tunngle
[2002/01/01 00:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\TypingMaster7
[2013/03/10 20:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Unity
[2013/04/16 14:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\uTorrent
[2013/01/03 17:01:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Virtual CD v10
[2013/04/16 13:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Windows
[2012/12/01 22:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Xilisoft
[2012/12/02 00:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\xim
[2012/12/16 21:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\YaTQA

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 4/16/2013 2:00:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.06% Memory free
3.85 Gb Paging File | 2.79 Gb Available in Paging File | 72.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.15 Gb Total Space | 3.29 Gb Free Space | 5.37% Space Free | Partition Type: NTFS
Drive D: | 87.89 Gb Total Space | 4.18 Gb Free Space | 4.76% Space Free | Partition Type: NTFS

Computer Name: DELACRUZ | User Name: Dela Cruz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57552:TCP" = 57552:TCP:*:Enabled:Pando Media Booster
"57552:UDP" = 57552:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"57552:TCP" = 57552:TCP:*:Enabled:Pando Media Booster
"57552:UDP" = 57552:UDP:*:Enabled:Pando Media Booster
"6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher
"6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher
"6971:TCP" = 6971:TCP:*:Enabled:League of Legends Launcher
"6971:UDP" = 6971:UDP:*:Enabled:League of Legends Launcher
"6908:TCP" = 6908:TCP:*:Enabled:League of Legends Launcher
"6908:UDP" = 6908:UDP:*:Enabled:League of Legends Launcher
"6934:TCP" = 6934:TCP:*:Enabled:League of Legends Launcher
"6934:UDP" = 6934:UDP:*:Enabled:League of Legends Launcher
"6884:TCP" = 6884:TCP:*:Enabled:League of Legends Launcher
"6884:UDP" = 6884:UDP:*:Enabled:League of Legends Launcher
"6943:TCP" = 6943:TCP:*:Enabled:League of Legends Launcher
"6943:UDP" = 6943:UDP:*:Enabled:League of Legends Launcher
"6904:TCP" = 6904:TCP:*:Enabled:League of Legends Launcher
"6904:UDP" = 6904:UDP:*:Enabled:League of Legends Launcher
"6950:TCP" = 6950:TCP:*:Enabled:League of Legends Launcher
"6950:UDP" = 6950:UDP:*:Enabled:League of Legends Launcher
"6941:TCP" = 6941:TCP:*:Enabled:League of Legends Launcher
"6941:UDP" = 6941:UDP:*:Enabled:League of Legends Launcher
"6885:TCP" = 6885:TCP:*:Enabled:League of Legends Launcher
"6885:UDP" = 6885:UDP:*:Enabled:League of Legends Launcher
"6881:TCP" = 6881:TCP:*:Enabled:League of Legends Launcher
"6881:UDP" = 6881:UDP:*:Enabled:League of Legends Launcher
"6923:TCP" = 6923:TCP:*:Enabled:League of Legends Launcher
"6923:UDP" = 6923:UDP:*:Enabled:League of Legends Launcher
"6931:TCP" = 6931:TCP:*:Enabled:League of Legends Launcher
"6931:UDP" = 6931:UDP:*:Enabled:League of Legends Launcher
"6886:TCP" = 6886:TCP:*:Enabled:League of Legends Launcher
"6886:UDP" = 6886:UDP:*:Enabled:League of Legends Launcher
"6920:TCP" = 6920:TCP:*:Enabled:League of Legends Launcher
"6920:UDP" = 6920:UDP:*:Enabled:League of Legends Launcher
"6937:TCP" = 6937:TCP:*:Enabled:League of Legends Launcher
"6937:UDP" = 6937:UDP:*:Enabled:League of Legends Launcher
"6958:TCP" = 6958:TCP:*:Enabled:League of Legends Launcher
"6958:UDP" = 6958:UDP:*:Enabled:League of Legends Launcher
"6980:TCP" = 6980:TCP:*:Enabled:League of Legends Launcher
"6980:UDP" = 6980:UDP:*:Enabled:League of Legends Launcher
"6907:TCP" = 6907:TCP:*:Enabled:League of Legends Launcher
"6907:UDP" = 6907:UDP:*:Enabled:League of Legends Launcher
"6915:TCP" = 6915:TCP:*:Enabled:League of Legends Launcher
"6915:UDP" = 6915:UDP:*:Enabled:League of Legends Launcher
"6992:TCP" = 6992:TCP:*:Enabled:League of Legends Launcher
"6992:UDP" = 6992:UDP:*:Enabled:League of Legends Launcher
"6994:TCP" = 6994:TCP:*:Enabled:League of Legends Launcher
"6994:UDP" = 6994:UDP:*:Enabled:League of Legends Launcher
"6933:TCP" = 6933:TCP:*:Enabled:League of Legends Launcher
"6933:UDP" = 6933:UDP:*:Enabled:League of Legends Launcher
"6892:TCP" = 6892:TCP:*:Enabled:League of Legends Launcher
"6892:UDP" = 6892:UDP:*:Enabled:League of Legends Launcher
"6969:TCP" = 6969:TCP:*:Enabled:League of Legends Launcher
"6969:UDP" = 6969:UDP:*:Enabled:League of Legends Launcher
"6897:TCP" = 6897:TCP:*:Enabled:League of Legends Launcher
"6897:UDP" = 6897:UDP:*:Enabled:League of Legends Launcher
"6959:TCP" = 6959:TCP:*:Enabled:League of Legends Launcher
"6959:UDP" = 6959:UDP:*:Enabled:League of Legends Launcher
"6949:TCP" = 6949:TCP:*:Enabled:League of Legends Launcher
"6949:UDP" = 6949:UDP:*:Enabled:League of Legends Launcher
"6968:TCP" = 6968:TCP:*:Enabled:League of Legends Launcher
"6968:UDP" = 6968:UDP:*:Enabled:League of Legends Launcher
"6945:TCP" = 6945:TCP:*:Enabled:League of Legends Launcher
"6945:UDP" = 6945:UDP:*:Enabled:League of Legends Launcher
"6910:TCP" = 6910:TCP:*:Enabled:League of Legends Launcher
"6910:UDP" = 6910:UDP:*:Enabled:League of Legends Launcher
"6895:TCP" = 6895:TCP:*:Enabled:League of Legends Launcher
"6895:UDP" = 6895:UDP:*:Enabled:League of Legends Launcher
"6978:TCP" = 6978:TCP:*:Enabled:League of Legends Launcher
"6978:UDP" = 6978:UDP:*:Enabled:League of Legends Launcher
"6979:TCP" = 6979:TCP:*:Enabled:League of Legends Launcher
"6979:UDP" = 6979:UDP:*:Enabled:League of Legends Launcher
"6962:TCP" = 6962:TCP:*:Enabled:League of Legends Launcher
"6962:UDP" = 6962:UDP:*:Enabled:League of Legends Launcher
"6882:TCP" = 6882:TCP:*:Enabled:League of Legends Launcher
"6882:UDP" = 6882:UDP:*:Enabled:League of Legends Launcher
"6966:TCP" = 6966:TCP:*:Enabled:League of Legends Launcher
"6966:UDP" = 6966:UDP:*:Enabled:League of Legends Launcher
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6924:TCP" = 6924:TCP:*:Enabled:League of Legends Launcher
"6924:UDP" = 6924:UDP:*:Enabled:League of Legends Launcher
"6898:TCP" = 6898:TCP:*:Enabled:League of Legends Launcher
"6898:UDP" = 6898:UDP:*:Enabled:League of Legends Launcher
"6981:TCP" = 6981:TCP:*:Enabled:League of Legends Launcher
"6981:UDP" = 6981:UDP:*:Enabled:League of Legends Launcher
"6929:TCP" = 6929:TCP:*:Enabled:League of Legends Launcher
"6929:UDP" = 6929:UDP:*:Enabled:League of Legends Launcher
"6993:TCP" = 6993:TCP:*:Enabled:League of Legends Launcher
"6993:UDP" = 6993:UDP:*:Enabled:League of Legends Launcher
"6883:TCP" = 6883:TCP:*:Enabled:League of Legends Launcher
"6883:UDP" = 6883:UDP:*:Enabled:League of Legends Launcher
"6902:TCP" = 6902:TCP:*:Enabled:League of Legends Launcher
"6902:UDP" = 6902:UDP:*:Enabled:League of Legends Launcher
"6893:TCP" = 6893:TCP:*:Enabled:League of Legends Launcher
"6893:UDP" = 6893:UDP:*:Enabled:League of Legends Launcher
"6946:TCP" = 6946:TCP:*:Enabled:League of Legends Launcher
"6946:UDP" = 6946:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Program Files\Steam\steamapps\common\dota 2 test\dota.exe" = D:\Program Files\Steam\steamapps\common\dota 2 test\dota.exe:*:Enabled:dota
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe" = D:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe" = D:\Program Files\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Video Chat -- (Camshare Inc.)
"C:\CherryDeGames\Dragon Nest\DragonNest.exe" = C:\CherryDeGames\Dragon Nest\DragonNest.exe:*:Enabled:Dragon Nest
"D:\Program Files\CherryDeGames\Dragon Nest\DragonNest.exe" = D:\Program Files\CherryDeGames\Dragon Nest\DragonNest.exe:*:Enabled:Dragon Nest
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\Program Files\League of Legends\lol.launcher.exe" = D:\Program Files\League of Legends\lol.launcher.exe:*:Enabled:lol.launcher -- ()
"D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe" = D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2
"D:\Garena\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Air\LolClient.exe" = D:\Garena\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Garena\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Game\League of Legends.exe" = D:\Garena\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\Program Files\Steam\steamapps\common\lord of the rings online\TurbineInvoker.exe" = D:\Program Files\Steam\steamapps\common\lord of the rings online\TurbineInvoker.exe:*:Enabled:The Lord of the Rings Online™
"D:\Program Files\Steam\steamapps\common\lord of the rings online\lotroclient.exe" = D:\Program Files\Steam\steamapps\common\lord of the rings online\lotroclient.exe:*:Enabled:lotroclient
"F:\Program Files\uTorrentPortable\App\uTorrent\uTorrent.exe" = F:\Program Files\uTorrentPortable\App\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"D:\Program Files\Garena\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Air\LolClient.exe" = D:\Program Files\Garena\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Program Files\Garena\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Game\League of Legends.exe" = D:\Program Files\Garena\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Yeah men\Dead Island\deadislandgame.exe" = C:\Yeah men\Dead Island\deadislandgame.exe:*:Enabled:DeadIsland
"D:\Program Files\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Air\LolClient.exe" = D:\Program Files\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"D:\Program Files\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Game\League of Legends.exe" = D:\Program Files\GarenaLoLPH_Launcher\GameData\Apps\LoLPH\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"D:\Steam\steamapps\common\dota 2 beta\dota.exe" = D:\Steam\steamapps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Oracle Corporation)
"C:\GarenaDownload\Games\hon\HoNInstaller.exe" = C:\GarenaDownload\Games\hon\HoNInstaller.exe:*:Enabled:Garena Installer -- ()
"D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe" = D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe:*:Enabled:Garena Plus -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Documents and Settings\Dela Cruz\Local Settings\Temp\Rar$EXa0.045\teamspeak3-server_win32\ts3server_win32.exe" = C:\Documents and Settings\Dela Cruz\Local Settings\Temp\Rar$EXa0.045\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server
"D:\Program Files\GarenaLoLPH_Launcher\GameData\UpdateManager.exe" = D:\Program Files\GarenaLoLPH_Launcher\GameData\UpdateManager.exe:*:Disabled:UpdateManager Module -- ()
"C:\Program Files\Tunngle\TnglCtrl.exe" = C:\Program Files\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"C:\Program Files\Tunngle\Tunngle.exe" = C:\Program Files\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
"D:\Dead Island\deadislandgame.exe" = D:\Dead Island\deadislandgame.exe:*:Enabled:DeadIsland
"C:\Program Files\ArmA 2\Expansion\beta\arma2oa.exe" = C:\Program Files\ArmA 2\Expansion\beta\arma2oa.exe:*:Enabled:ArmA 2 OA
"C:\Documents and Settings\Dela Cruz\Desktop\2K Games\Borderlands 2\Binaries\Win32\Borderlands2.exe" = C:\Documents and Settings\Dela Cruz\Desktop\2K Games\Borderlands 2\Binaries\Win32\Borderlands2.exe:*:Enabled:Borderlands 2 -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Documents and Settings\Dela Cruz\Desktop\Game\2K Games\Borderlands 2\Binaries\Win32\Borderlands2.exe" = C:\Documents and Settings\Dela Cruz\Desktop\Game\2K Games\Borderlands 2\Binaries\Win32\Borderlands2.exe:*:Enabled:Borderlands 2
"C:\Documents and Settings\Dela Cruz\Desktop\SmartSteam_v1.4.1\SmartSteam\steamapps\common\Dead Island\deadislandgame.exe" = C:\Documents and Settings\Dela Cruz\Desktop\SmartSteam_v1.4.1\SmartSteam\steamapps\common\Dead Island\deadislandgame.exe:*:Enabled:DeadIsland -- (Techland)
"D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\BBTalk.exe" = D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\BBTalk.exe:*:Enabled:Garena Talk -- ()
"C:\Documents and Settings\Dela Cruz\My Documents\My Documents\tinyumbrella-6.10.02a.exe" = C:\Documents and Settings\Dela Cruz\My Documents\My Documents\tinyumbrella-6.10.02a.exe:*:Enabled:TinyUmbrella - Save your SHSH!
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Paws\tinyumbrella-6.10.02a.exe" = D:\Paws\tinyumbrella-6.10.02a.exe:*:Enabled:TinyUmbrella - Save your SHSH! -- ()
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F44DC3F-6E62-4961-A14B-95323C512F9B}_is1" = NCDownloader
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{49D57DC1-18C3-4BA5-95F6-8DD94350B7FD}" = DayZ Commander
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{64E455BC-88AF-46DA-941B-D621A9E3FAAD}_is1" = iPhoneYeta iHardware Plugins version 1.0
"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}" = Shadow Defender
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = Barowse2sAvvee
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9DC39B6-9E0B-42FC-ACB7-FBFE74DB81E7}" = Mercenary Online
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.07.01.8015
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2 HD Edition_is1" = Age of Empires 2 HD Edition
"Age Of Pirates 1.41_is1" = Age Of Pirates - Caribbean Tales 1.41
"Any Video Converter_is1" = Any Video Converter 3.5.7
"Audacity_is1" = Audacity 2.0.2
"AutoHotkey" = AutoHotkey 1.1.09.04
"BattlEye for OA" = BattlEye for OA Uninstall
"Camfrog 6.2" = Camfrog Video Chat 6.2
"CCleaner" = CCleaner
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Defraggler" = Defraggler
"DualCoreCenter_is1" = DualCoreCenter
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"Free Easy Burner_is1" = Free Easy Burner V 5.1
"HoN" = Garena - Heroes of Newerth
"HotspotShield" = Hotspot Shield 2.53
"ie8" = Windows Internet Explorer 8
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"im" = Garena Plus
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Internet Download Manager" = Internet Download Manager
"LoLPH" = Garena - League of Legends PH
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mercenary Online 0.0.3" = Mercenary Online
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0 (x86 en-US)" = Mozilla Firefox 16.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Cutter_is1" = MP3 Cutter 1.9
"MSI Live Update 3" = MSI Live Update 3
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"pocketwifi" = pocketwifi
"PowerISO" = PowerISO
"QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1" = Age of Empires II HD © Microsoft Studios version 1
"Rainmeter" = Rainmeter
"RPGVXAce_E_is1" = RPG MAKER VX Ace
"RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
"Smart Bro" = Smart Bro
"SP_48c708f2" = BrowseToSave 1.74
"SP_b0285714" = Search Assistant WebSearch 1.74
"Steam App 212500" = The Lord of the Rings Online™
"TeamViewer 7" = TeamViewer 7
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"VistaMizer" = VistaMizer 4.1.0.0
"VLC media player" = VLC media player 2.0.1
"Vtune_is1" = Vtune 7.6
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 beta 3 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Audio Converter 6" = Xilisoft Audio Converter 6
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dead Island Save Editor_is1" = Dead Island Save Editor
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2013 2:16:07 AM | Computer Name = DELACRUZ | Source = Application Error | ID = 1000
Description = Faulting application lol.exe, version 1.0.0.29, faulting module launcher.maestro.dll,
version 1.0.0.29, fault address 0x00011289.

Error - 2/16/2013 8:08:58 AM | Computer Name = DELACRUZ | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.33:5353 17 33.1.168.192.in-addr.arpa.
PTR Dela-Cruz.local.

Error - 2/16/2013 8:08:58 AM | Computer Name = DELACRUZ | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 33.1.168.192.in-addr.arpa.
PTR delacruz.local.

Error - 2/17/2013 2:05:23 AM | Computer Name = DELACRUZ | Source = Application Error | ID = 1000
Description = Faulting application lol.exe, version 1.0.0.29, faulting module launcher.maestro.dll,
version 1.0.0.29, fault address 0x00011289.

Error - 2/17/2013 5:56:47 AM | Computer Name = DELACRUZ | Source = Application Error | ID = 1000
Description = Faulting application lol.exe, version 1.0.0.29, faulting module launcher.maestro.dll,
version 1.0.0.29, fault address 0x00011289.

Error - 2/17/2013 8:11:10 AM | Computer Name = DELACRUZ | Source = Application Error | ID = 1000
Description = Faulting application lol.exe, version 1.0.0.29, faulting module launcher.maestro.dll,
version 1.0.0.29, fault address 0x00011289.

Error - 2/17/2013 8:39:40 AM | Computer Name = DELACRUZ | Source = Application Error | ID = 1000
Description = Faulting application lol.exe, version 1.0.0.29, faulting module launcher.maestro.dll,
version 1.0.0.29, fault address 0x00011289.

Error - 2/17/2013 12:38:02 PM | Computer Name = DELACRUZ | Source = Application Error | ID = 1000
Description = Faulting application lol.exe, version 1.0.0.29, faulting module launcher.maestro.dll,
version 1.0.0.29, fault address 0x00011289.

Error - 2/23/2013 1:27:42 PM | Computer Name = DELACRUZ | Source = Application Error | ID = 1000
Description = Faulting application lol.exe, version 1.0.0.29, faulting module launcher.maestro.dll,
version 1.0.0.29, fault address 0x00011289.

Error - 2/25/2013 11:21:04 AM | Computer Name = DELACRUZ | Source = Application Error | ID = 1000
Description = Faulting application lol.exe, version 1.0.0.29, faulting module launcher.maestro.dll,
version 1.0.0.29, fault address 0x00011289.

[ System Events ]
Error - 4/16/2013 12:00:41 AM | Computer Name = DELACRUZ | Source = Service Control Manager | ID = 7000
Description = The Smart Bro. OUC service failed to start due to the following error:
%%1053

Error - 4/16/2013 1:18:42 AM | Computer Name = DELACRUZ | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 4/16/2013 1:18:42 AM | Computer Name = DELACRUZ | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 4/16/2013 1:18:42 AM | Computer Name = DELACRUZ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Smart Bro. OUC service
to connect.

Error - 4/16/2013 1:18:42 AM | Computer Name = DELACRUZ | Source = Service Control Manager | ID = 7000
Description = The Smart Bro. OUC service failed to start due to the following error:
%%1053

Error - 4/16/2013 1:44:38 AM | Computer Name = DELACRUZ | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).

Error - 4/16/2013 1:44:38 AM | Computer Name = DELACRUZ | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 4/16/2013 1:44:38 AM | Computer Name = DELACRUZ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Smart Bro. OUC service
to connect.

Error - 4/16/2013 1:44:38 AM | Computer Name = DELACRUZ | Source = Service Control Manager | ID = 7000
Description = The Smart Bro. OUC service failed to start due to the following error:
%%1053

Error - 4/16/2013 1:44:47 AM | Computer Name = DELACRUZ | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >


#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, frichieny and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer is really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but the result should be good. ;)

Please wait for a while; I'm currently analyzing your logs. Please note that my answers can come with a slight delay, because they are checked by a teacher.

#3
frichieny

    Member

  • Topic Starter
  • Member
  • 192 posts
Umm, hello sir Phel :) Umm, did I do anything wrong with my logs? :) I copied the OTL and Extra notepad file :)

#4
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
No, you did everything very well. :) Now please wait, I'll post the fix as soon as possible.

#5
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Here is the fix!

Please, follow these steps:

Step 1. Uninstalling programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. A new window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.

Programs to uninstall:

  • Search Assistant WebSearch 1.74
  • BrowseToSave 1.74
  • Barowse2sAvvee

Step 2. AdwCleaner scan.

  • Please, download AdwCleaner from here to your Desktop.
  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 3. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2013/04/16 13:47:33 | 000,528,398 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Windows\Data\cgminer.exe
    PRC - [2013/04/15 19:48:36 | 004,068,864 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Windows\razorp.exe
    MOD - [2013/04/16 13:47:33 | 000,528,398 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Windows\Data\cgminer.exe
    MOD - [2013/04/15 19:48:36 | 004,068,864 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Windows\razorp.exe
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hel...265&lg=EN&cc=PH
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.hel...265&lg=EN&cc=PH
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org...xr&chid=c162341
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hel...265&lg=EN&cc=PH
    IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.hel...265&lg=EN&cc=PH
    FF - prefs.js..browser.search.defaultenginename: "WebSearch"
    FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hid=2800560265&lg=EN&cc=PH&l=1&q="
    FF - prefs.js..browser.search.order.1: "WebSearch"
    FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
    FF - prefs.js..browser.search.selectedEngine: "WebSearch"
    FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
    FF - prefs.js..browser.startup.homepage: "http://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hid=2800560265&lg=EN&cc=PH"
    FF - prefs.js..keyword.URL: "http://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hid=2800560265&lg=EN&cc=PH&l=1&q="
    [2013/04/16 12:58:13 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\searchplugins\WebSearch.xml
    [2013/04/04 14:16:48 | 000,000,000 | ---D | M] (BRowsE2soave) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]
    MOD - [2013/01/24 19:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files\BrowseToSave\sprotector.dll
    CHR - homepage: http://websearch.hel...265&lg=EN&cc=PH
    O4 - HKCU..\Run: [razorp] C:\Documents and Settings\Dela Cruz\Application Data/Windows/razorp.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\Program Files\BrowseToSave\sprotector.dll ()
    O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - File not found
    O33 - MountPoints2\{c79442ca-fe07-11d5-a8ca-0024215b0d23}\Shell - "" = AutoRun
    O33 - MountPoints2\{c79442ca-fe07-11d5-a8ca-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c79442ca-fe07-11d5-a8ca-0024215b0d23}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{8a6cf41f-a0ad-11e2-8435-0024215b0d23}\Shell - "" = AutoRun
    O33 - MountPoints2\{8a6cf41f-a0ad-11e2-8435-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8a6cf41f-a0ad-11e2-8435-0024215b0d23}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    [2013/04/16 13:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\Windows
    [2013/04/16 12:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Searcch-NeewaTabb
    [2013/04/16 12:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Barowse2sAvvee
    [2013/04/16 12:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Barowse2sAvvee
    [2013/04/04 14:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\BrowseToSave
    [2013/04/04 14:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BRowsE2soave
    [2013/04/04 14:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BRowsE2soave
    [2013/04/04 14:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2013/03/01 18:41:32 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2013/03/01 18:41:32 | 000,004,198 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2013/01/28 17:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\B1Toolbar
    [2013/04/16 13:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BRowsE2soave
    [2013/04/16 13:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barowse2sAvvee
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, please, don't forget to post in your next message:

  • AdwCleaner log
  • OTL log


#6
frichieny

    Member

  • Topic Starter
  • Member
  • 192 posts
Sorry for the very late reply, my mom asked me to do something.


Adwcleaner[S1]
Report:

# AdwCleaner v2.200 - Logfile created 04/16/2013 at 22:05:17
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dela Cruz - DELACRUZ
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\adwcleaner_2.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe
Folder Deleted : C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\staged
Folder Deleted : C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\APN
Folder Deleted : C:\Program Files\BrowseToSave
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\websea~1\sprote~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hid=2800560265&lg=EN&cc=PH --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hid=2800560265&lg=EN&cc=PH --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0 (en-US)

File : C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&h[...]
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hi[...]
Deleted : user_pref("extensions.515d1880d152c.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Deleted : user_pref("keyword.URL", "hxxp://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hid=2800560265&[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6497 octets] - [16/04/2013 22:05:17]

########## EOF - C:\AdwCleaner[S1].txt - [6557 octets] ##########

#7
frichieny

    Member

  • Topic Starter
  • Member
  • 192 posts
OTL.Txt
Report:
OTL logfile created on: 4/16/2013 10:48:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.75% Memory free
3.85 Gb Paging File | 3.04 Gb Available in Paging File | 78.96% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.15 Gb Total Space | 3.27 Gb Free Space | 5.36% Space Free | Partition Type: NTFS
Drive D: | 87.89 Gb Total Space | 4.21 Gb Free Space | 4.79% Space Free | Partition Type: NTFS

Computer Name: DELACRUZ | User Name: Dela Cruz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/16 13:59:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\OTL.exe
PRC - [2013/04/10 17:22:41 | 009,802,032 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe
PRC - [2013/04/09 16:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/03 21:40:49 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\ouc.exe
PRC - [2013/03/28 17:32:38 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/12/27 20:44:14 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/12/12 21:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/11/14 08:50:14 | 003,540,416 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2012/09/21 14:46:21 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012/06/03 18:08:02 | 000,038,088 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2012/03/07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/10/19 12:13:44 | 000,323,912 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\vc10tray.exe
PRC - [2011/10/19 12:13:38 | 000,411,976 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10Play.exe
PRC - [2011/10/19 12:13:38 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe
PRC - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
PRC - [2011/02/21 13:22:27 | 000,253,483 | ---- | M] (SHADOWDEFENDER.COM) -- C:\Program Files\Shadow Defender\DefenderDaemon.exe
PRC - [2008/04/14 05:42:20 | 001,551,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/11 10:50:20 | 000,027,952 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\VersionModule.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:23:06 | 000,955,696 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\XLL.dll
MOD - [2013/04/10 17:23:01 | 000,816,944 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\ggplugin.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\libmpg123.dll
MOD - [2013/04/10 17:22:41 | 009,802,032 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe
MOD - [2013/04/09 16:57:07 | 000,390,096 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 16:57:05 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 16:56:13 | 001,606,096 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/04/03 21:40:51 | 001,148,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\QtNetwork4.dll
MOD - [2013/04/03 21:40:51 | 000,398,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\QtXml4.dll
MOD - [2013/04/03 21:40:51 | 000,384,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\QueryStrategy.dll
MOD - [2013/04/03 21:40:50 | 002,415,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\QtCore4.dll
MOD - [2013/04/03 21:40:49 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\ouc.exe
MOD - [2013/04/03 21:40:49 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\libgcc_s_dw2-1.dll
MOD - [2013/04/03 21:40:49 | 000,011,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Smart Bro\OnlineUpdate\mingwm10.dll
MOD - [2013/03/13 18:06:04 | 001,543,984 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\FileSender.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\CxImage.dll
MOD - [2013/02/28 17:17:36 | 000,188,208 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ggspawn.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\DibModule.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\CommonLib.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\TaskManagerLib.dll
MOD - [2012/09/13 14:19:19 | 000,048,640 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\XmlUIModule.dll
MOD - [2012/07/27 14:59:42 | 000,010,240 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\ClientTcp.dll
MOD - [2012/07/27 14:59:28 | 000,061,952 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\UdtLib.dll
MOD - [2012/06/03 18:08:02 | 000,623,816 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
MOD - [2012/06/03 18:08:02 | 000,038,088 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
MOD - [2012/06/03 18:04:22 | 000,013,824 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
MOD - [2012/06/03 18:04:18 | 000,046,592 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WebParser.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ServerMemAlloc.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\delay_load\RSALib.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\lib\MP3Module.dll
MOD - [2012/02/22 16:52:16 | 000,122,136 | ---- | M] () -- D:\Program Files\GarenaLoLPH_Launcher\GameData\ggcode.dll
MOD - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/08/18 16:11:24 | 001,237,504 | ---- | M] () -- C:\Program Files\Virtual CD v10\System\vorbis.dll
MOD - [2008/08/18 16:08:10 | 000,050,688 | ---- | M] () -- C:\Program Files\Virtual CD v10\System\ogg.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/04 12:38:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/03 21:40:49 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Smart Bro\UpdateDog\ouc.exe -- (Smart Bro. RunOuc)
SRV - [2013/03/14 15:57:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/09/21 14:46:21 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/31 03:10:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/11 08:06:10 | 000,077,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/04/11 07:59:14 | 000,542,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/04/03 02:46:58 | 000,329,544 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011/11/16 02:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/10/19 12:13:38 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/10 03:14:50 | 000,013,816 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\WINDOWS\system32\unikey.sys -- (phunter)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/04/03 21:40:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2013/04/03 21:40:51 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/04/03 21:40:51 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/04/03 21:40:51 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2013/02/22 15:17:04 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/02/22 15:17:04 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/02/05 17:52:46 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012/12/06 01:13:58 | 000,022,112 | -HS- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\GarenaLoLPH_Launcher\GameData\Room\safedrv.sys -- (GGSAFERDriver)
DRV - [2012/11/22 08:43:14 | 000,112,480 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2012/08/24 15:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/04/11 23:40:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012/04/07 02:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/02/22 18:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/11 14:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/04/19 08:52:48 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2011/03/31 19:36:10 | 000,204,384 | ---- | M] (SHADOWDEFENDER.COM) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\diskpt.sys -- (diskpt)
DRV - [2010/03/10 17:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HH10Help.sys -- (HH10Help.sys)
DRV - [2009/09/16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2008/04/17 16:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/02/15 15:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 12:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 12:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 20:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP62
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/110
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://www.msn.com/?...=OIE8HP&PC=UP62
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Documents and Settings\Dela Cruz\Application Data\raidcall\plugins\webplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: D:\Program Files\GarenaLoLPH_Launcher\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/04 12:39:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Dela Cruz\Application Data\IDM\idmmzcc5 [2013/01/17 22:23:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Dela Cruz\Application Data\IDM\idmmzcc5 [2013/01/17 22:23:43 | 000,000,000 | ---D | M]

[2012/06/05 14:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Extensions
[2013/04/16 22:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions
[2012/09/25 20:35:42 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\extensions\[email protected]
[2013/04/16 22:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/21 14:08:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/04 12:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/04/04 12:38:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/04 12:38:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/04 12:38:55 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://websearch.hel...265&lg=EN&cc=PH
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IDM Integration = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.6_0\
CHR - Extension: One Piece Theme = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kkhkehkllpkocgnlbkmpkcicednmbfnp\2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/10 16:45:13 | 000,000,788 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Shadow Defender Daemon] C:\Program Files\Shadow Defender\DefenderDaemon.exe (SHADOWDEFENDER.COM)
O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [GarenaPlus] D:\Program Files\GarenaLoLPH_Launcher\GameData\GarenaMessenger.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Dela Cruz\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECEEA181-E40C-4D41-B6BE-B7940798E869}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dela Cruz\My Documents\Downloads\9gag.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/05 13:00:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/04/15 18:57:52 | 000,000,025 | -HS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/11/07 19:49:08 | 000,001,331 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O32 - AutoRun File - [2012/08/03 05:24:44 | 000,899,584 | ---- | M] () - D:\AutoHotkey.exe -- [ NTFS ]
O33 - MountPoints2\{07cfae90-9c64-11e2-842b-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{07cfae90-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07cfae90-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{07cfae93-9c64-11e2-842b-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{07cfae93-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07cfae93-9c64-11e2-842b-0024215b0d23}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{12ee8539-a148-11e2-8437-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{12ee8539-a148-11e2-8437-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12ee8539-a148-11e2-8437-0024215b0d23}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{388cb639-058b-11e2-a8d9-0024215b0d23}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{b8d839e9-2d7e-11e2-a8eb-0024215b0d23}\Shell - "" = AutoRun
O33 - MountPoints2\{b8d839e9-2d7e-11e2-a8eb-0024215b0d23}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b8d839e9-2d7e-11e2-a8eb-0024215b0d23}\Shell\AutoRun\command - "" = F:\steambackup2.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/16 22:42:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/16 13:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\Malwarebytes
[2013/04/16 13:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/16 13:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/04/16 13:35:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/16 13:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/16 13:32:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/04/16 13:15:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dela Cruz\Recent
[2013/04/16 13:03:06 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/04/16 12:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Age of Empires 2 HD Edition
[2013/04/15 17:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Desktop\CryptLoad_1.1.8
[2013/04/10 03:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Start Menu\Programs\DC-Unlocker
[2013/04/10 03:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Desktop\DC-Unlocker
[2013/04/10 03:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\pocketwifi
[2013/04/10 03:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\pocketwifi
[2013/04/04 15:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
[2013/04/04 02:38:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/04/04 02:34:18 | 000,181,784 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2013/04/04 02:34:17 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2013/04/04 02:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MyFree Codec
[2013/04/04 01:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2013/04/04 01:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\NativeFus_Log
[2013/04/04 01:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Samsung
[2013/04/04 01:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\Samsung
[2013/04/04 01:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\My Documents\samsung
[2013/04/03 21:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Bro
[2013/04/03 21:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Smart Bro
[2013/04/03 21:41:08 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2013/04/03 21:41:08 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2013/04/03 21:41:08 | 000,194,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2013/04/03 21:41:08 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2013/04/03 21:41:08 | 000,090,368 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2013/04/03 21:41:08 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2013/04/03 21:41:08 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2013/04/03 21:41:08 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2013/04/03 21:41:08 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2013/04/03 21:41:08 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2013/04/03 21:41:08 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2013/04/03 21:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Bro
[2013/04/03 21:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2013/03/28 22:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/03/21 16:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\iFunbox_UserCache
[2013/03/21 16:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\i-Funbox DevTeam
[2013/03/21 16:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\i-Funbox DevTeam
[2013/03/20 13:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dela Cruz\Application Data\.minecraft
[2013/03/18 15:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2013/03/18 15:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/16 22:46:49 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2013/04/16 22:45:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/16 22:08:36 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003UA.job
[2013/04/16 21:56:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/16 21:20:01 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003UA.job
[2013/04/16 13:35:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/16 13:33:49 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Dela Cruz\ntuser.pol
[2013/04/16 13:21:31 | 000,201,802 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\poclbm130302GeForce 9500 GTv1w256l4.bin
[2013/04/16 13:18:34 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/16 12:47:46 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires 2 HD Edition.lnk
[2013/04/16 12:20:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003Core.job
[2013/04/14 22:31:17 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Age of Empires II HD.lnk
[2013/04/14 21:58:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/12 05:18:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/12 01:08:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1659004503-725345543-1003Core.job
[2013/04/10 13:19:53 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Shortcut to vlc.lnk
[2013/04/10 08:13:28 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/10 08:13:28 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Google Chrome.lnk
[2013/04/10 03:14:50 | 000,013,816 | ---- | M] () -- C:\WINDOWS\System32\unikey.sys
[2013/04/10 03:14:45 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Application Data\Microsoft\Internet Explorer\Quick Launch\dc-unlocker client.lnk
[2013/04/06 02:31:38 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/04 15:02:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/04 03:09:36 | 000,002,759 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\.TransferManager.db
[2013/04/04 02:23:32 | 000,504,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/04 02:23:32 | 000,088,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/04 02:07:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2013/04/03 21:41:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/03 21:41:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013/04/03 21:40:51 | 000,861,696 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2013/04/03 21:40:51 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2013/04/03 21:40:51 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2013/04/03 21:40:51 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2013/04/03 21:40:51 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2013/04/03 21:40:51 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2013/04/03 21:40:51 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2013/04/03 21:40:51 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2013/04/03 21:40:51 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2013/04/03 21:40:51 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2013/04/03 21:40:51 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2013/03/26 12:29:56 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\My Documents\AutoHotkey.ahk
[2013/03/25 23:31:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/22 10:32:42 | 134,528,834 | ---- | M] () -- C:\Documents and Settings\Dela Cruz\Desktop\Block Fortress (v1.0.1 3GS Univ os43)-[CrackLords]-B_H.ipa
[2013/03/21 16:01:02 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iFunbox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/16 13:35:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/16 13:33:17 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Dela Cruz\ntuser.pol
[2013/04/16 13:21:31 | 000,201,802 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\poclbm130302GeForce 9500 GTv1w256l4.bin
[2013/04/16 13:18:34 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/16 12:47:46 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires 2 HD Edition.lnk
[2013/04/14 22:31:17 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Desktop\Age of Empires II HD.lnk
[2013/04/10 13:19:53 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Desktop\Shortcut to vlc.lnk
[2013/04/10 03:12:40 | 000,013,816 | ---- | C] () -- C:\WINDOWS\System32\unikey.sys
[2013/04/10 03:12:28 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Application Data\Microsoft\Internet Explorer\Quick Launch\dc-unlocker client.lnk
[2013/04/04 03:09:36 | 000,002,759 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\.TransferManager.db
[2013/04/04 02:07:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2013/04/03 21:41:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/03 21:41:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013/03/22 10:03:01 | 134,528,834 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Desktop\Block Fortress (v1.0.1 3GS Univ os43)-[CrackLords]-B_H.ipa
[2013/03/21 16:01:02 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iFunbox.lnk
[2013/03/18 15:37:14 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\My Documents\AutoHotkey.ahk
[2013/02/05 17:52:54 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013/01/15 19:58:31 | 000,000,320 | ---- | C] () -- C:\WINDOWS\con_34195430.ini
[2013/01/03 17:38:34 | 000,758,465 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-1659004503-725345543-1003-0.dat
[2013/01/03 17:38:31 | 000,287,434 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/29 19:19:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2012/12/05 15:45:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/10/09 10:25:44 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/08/01 00:46:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\fusioncache.dat
[2012/07/13 16:41:14 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/01 14:46:41 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2012/07/01 01:40:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2012/06/05 20:51:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/06/05 17:18:44 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/05 17:01:53 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/05 17:01:53 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/05 17:01:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/06/05 16:55:34 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/06/05 14:22:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\diskpt.dat
[2012/06/05 14:09:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/05 13:33:25 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2012/06/05 13:30:08 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/06/05 13:28:11 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/06/05 13:02:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/06/05 12:58:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/06/05 13:31:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 003,682,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/25 23:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Caphyon
[2012/11/14 00:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/04/10 03:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2012/09/13 16:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2013/01/22 01:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garena
[2013/04/16 22:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2012/06/11 23:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hotspot Shield
[2013/03/29 14:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2012/12/20 15:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/12/05 15:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2013/04/04 02:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2013/04/03 21:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Bro
[2012/06/11 19:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/12/31 22:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2012/12/01 22:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
[2013/02/09 19:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/03/20 13:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\.minecraft
[2012/12/01 22:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\AnvSoft
[2012/12/02 00:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Audacity
[2012/06/11 15:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Camfrog
[2012/11/14 07:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\DAEMON Tools Lite
[2013/04/16 12:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\DMCache
[2013/03/01 18:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Enterbrain
[2013/03/01 18:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\FFSJ
[2012/10/09 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\FreeBurner
[2013/01/22 01:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Garena
[2013/04/16 22:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\GarenaPlus
[2012/12/01 22:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\HandBrake
[2013/04/16 13:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\IDM
[2013/03/22 10:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\iFunbox_UserCache
[2012/07/01 01:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\LolClient
[2012/06/05 17:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\LolClient2
[2012/12/30 20:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\ManyCam
[2012/09/30 03:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\PowerISO
[2012/07/13 16:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\raidcall
[2012/06/05 15:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Rainmeter
[2013/02/10 13:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\redsn0w
[2013/04/04 01:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Samsung
[2012/06/05 14:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Shadow Defender
[2012/12/31 18:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\SystemRequirementsLab
[2013/01/05 00:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\TeamViewer
[2013/03/10 20:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Tunngle
[2002/01/01 00:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\TypingMaster7
[2013/03/10 20:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Unity
[2013/04/16 22:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\uTorrent
[2013/01/03 17:01:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Virtual CD v10
[2012/12/01 22:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\Xilisoft
[2012/12/02 00:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\xim
[2012/12/16 21:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dela Cruz\Application Data\YaTQA

========== Purity Check ==========



< End of report >

#8
frichieny

    Member

  • Topic Starter
  • Member
  • 192 posts
W O W! I just realized I can open everything now :) Thank you Phel, thank you very much, thank you, thank you! Waaah, this is so awesome :P You are the best, Phel!!!! Thank you to your teacher too, who helped you with helping me :) I don't know how I can help back. Is there anything I can do to help you and the Geekstogo team? :) I really want to help, but I'm not good at doing what pros do like you guys :) Do you guys prefer if I put your Geekstogo team on our country's forums? Will it help you? Hmm :)

#9
frichieny

    Member

  • Topic Starter
  • Member
  • 192 posts
Oh yeah, Phel, what is this Thumbs.db?

#10
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Bitcoin miner warning.

If you are using the cryptocurrency called Bitcoin, please change the password for your wallet. Please note that Bitcoin miners (special programs to earn Bitcoins) could steal your whole wallet. So, I advise you to be extremely accurate and careful before launching any program like that.

Okay, nice to hear that your computer is running better now. :) Please don't leave this topic - you still have some pieces of malware in your system. Follow these steps:

Step 1. Changing Chrome homepage.

Please follow this instruction and set your homepage to www.google.com or to something else that you want. Your current Chrome homepage is malicious.

Step 2. AdwCleaner scan.

  • Right-click on the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Search button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.

What is this Thumbs.db?


Where is this file located?

#11
frichieny

    Member

  • Topic Starter
  • Member
  • 192 posts
Good morning Phel :)


I don't know what a wallet is or where I can find it, sorry.
It suddenly shows up on the desktop, then it will disappear again. :) What should I do if I see it again? Should I delete it?

Edited by frichieny, 16 April 2013 - 07:11 PM.


#12
frichieny

    Member

  • Topic Starter
  • Member
  • 192 posts
AdwCleaner[R1]
Report:
# AdwCleaner v2.200 - Logfile created 04/17/2013 at 09:08:48
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dela Cruz - DELACRUZ
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\adwcleaner_2.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0 (en-US)

File : C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.2243] : homepage = "hxxp://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hid=2800560265&lg=EN&cc=PH",
Found [l.2967] : urls_to_restore_on_startup = [ "hxxp://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hid=2800560265&lg=EN&cc=PH" ]

*************************

AdwCleaner[R1].txt - [1154 octets] - [17/04/2013 09:08:48]
AdwCleaner[S1].txt - [6626 octets] - [16/04/2013 22:05:17]

########## EOF - C:\AdwCleaner[R1].txt - [1274 octets] ##########

#13
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Please, don't leave this topic, your system isn't completely clean.

Please, follow these steps:

Step 1. AdwCleaner scan.

  • Right-click on the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 2. MBAM scan.

Run Malwarebytes Anti-Malware.
  • Go to the Update tab.
  • Click on the Check for updates button. A new small window should appear.
  • If an update is found, it will download and install the latest definitions.
  • Go back to the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

So, please, don't forget to post in your next message:

  • AdwCleaner log
  • ESET Online Scanner's log
  • MBAM log

It suddenly shows up on the desktop, then it will disappear again.


That's just a normal occurrence. If you wish to hide this file, follow these steps:

  • Open Windows Explorer.
  • In the toolbar at the top of the window, click on the Tools menu.
  • Click Folder Options.
  • A new window should appear. Click on the View tab.
  • Move the radio button to the Don't show hidden files, folders or drives position.
  • Put a tick next to Hide protected operating system files (Recommended).
  • Click the Apply button.


#14
frichieny

    Member

  • Topic Starter
  • Member
  • 192 posts
Good morning Phel :)

After I ran AdwCleaner and then opened Chrome, I remember Chrome said something like "the preference is invalid, unable to load", something like that, and my Chrome theme was removed :)

AdwCleaner[S2]
Report

# AdwCleaner v2.200 - Logfile created 04/18/2013 at 11:29:57
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dela Cruz - DELACRUZ
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dela Cruz\My Documents\Downloads\Programs\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0 (en-US)

File : C:\Documents and Settings\Dela Cruz\Application Data\Mozilla\Firefox\Profiles\b7nkeiwq.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Dela Cruz\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.2315] : homepage = "hxxp://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hid=2800560265&lg=EN&cc=P[...]
Deleted [l.3047] : urls_to_restore_on_startup = [ "hxxp://websearch.helpmefindyour.info/?pid=625&r=2013/04/16&hi[...]

*************************

AdwCleaner[R1].txt - [1343 octets] - [17/04/2013 09:08:48]
AdwCleaner[S1].txt - [6626 octets] - [16/04/2013 22:05:17]
AdwCleaner[S2].txt - [1256 octets] - [18/04/2013 11:29:57]

########## EOF - C:\AdwCleaner[S2].txt - [1316 octets] ##########
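
An added example (not from the thread and not AdwCleaner's own code): a read-only check of a Chrome Preferences file for the two settings the AdwCleaner reports above flag, `homepage` and `urls_to_restore_on_startup`. The JSON layout (startup URLs nested under `session`), the `startup_urls` key, the allow-list and the sample files are assumptions constructed for illustration; a file that no longer parses as JSON, the symptom described in the post above, is reported as a finding instead of raising.

```python
import json
from urllib.parse import urlsplit

# Hosts the user chose on purpose (assumption for this example).
ALLOWED_HOSTS = {"www.google.com"}

# "homepage" and "urls_to_restore_on_startup" are the settings named in the
# AdwCleaner reports; nesting under "session" and the newer "startup_urls"
# key are assumptions about the Preferences layout.
STARTUP_KEYS = (
    ("homepage",),
    ("session", "urls_to_restore_on_startup"),
    ("session", "startup_urls"),
)

# Constructed samples, not files taken from the affected machine.
HIJACKED = """{
  "homepage": "hxxp://websearch.helpmefindyour.info/?pid=625&lg=EN&cc=PH",
  "session": {"restore_on_startup": 4, "urls_to_restore_on_startup": [
    "hxxp://websearch.helpmefindyour.info/?pid=625&lg=EN&cc=PH",
    "http://www.google.com/"]}
}"""
CLEAN = '{"homepage": "http://www.google.com/", "session": {"restore_on_startup": 1}}'
BROKEN = '{"homepage_is_newtabpage": false,\n  "session": {"restore_on_startup": 4,\n}}'


def _lookup(prefs, path):
    """Walk nested dicts; return None when any key on the path is absent."""
    node = prefs
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def _host(url):
    """Lower-cased host of a URL; '' for internal pages or unparsable input."""
    url = url.strip()
    lowered = url.lower()
    if lowered.startswith(("chrome:", "about:")):
        return ""
    if lowered.startswith("hxxp"):          # defanged form used in log excerpts
        url = "http" + url[4:]
    elif "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def audit_preferences(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (setting, url, reason) tuples for startup URLs outside the allow-list."""
    try:
        prefs = json.loads(text)
    except ValueError as exc:               # JSONDecodeError subclasses ValueError
        return [("<file>", "", "not valid JSON: %s" % exc)]
    findings = []
    for path in STARTUP_KEYS:
        value = _lookup(prefs, path)
        urls = [value] if isinstance(value, str) else value
        if not isinstance(urls, list):
            continue                        # key absent or of an unexpected type
        for url in urls:
            host = _host(url) if isinstance(url, str) else ""
            if host and host not in allowed_hosts:
                findings.append((".".join(path), url, "host not in allow-list"))
    return findings


if __name__ == "__main__":
    for name, sample in (("hijacked", HIJACKED), ("clean", CLEAN), ("broken", BROKEN)):
        print(name, audit_preferences(sample))
```

To check a real profile, pass the text of the Preferences file whose path appears in the AdwCleaner report, read with Chrome closed.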

#15
frichieny

    Member

  • Topic Starter
  • Member
  • 192 posts
Mbam
Result:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.18.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dela Cruz :: DELACRUZ [administrator]

Protection: Enabled

4/18/2013 11:51:42 AM
mbam-log-2013-04-18 (11-51-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225986
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)