
Redirect, Multiple Pop-ups, and New Windows & Tabs Opening


  • This topic is locked
48 replies to this topic

#1 kennylim20

  • Members
  • 57 posts

Posted 21 May 2014 - 05:37 AM

Hello,

 

I am facing a problem with my browser where multiple pop-ups and re-directs are happening although I did not click a different link.

 

The case is similar to this: http://www.bleepingcomputer.com/forums/t/522687/redirect-multiple-pop-ups-and-new-windows-tabs-opening/

 

Please do guide me on how to solve the issue.

 

 

Thank you.




#2 Jo*

  • Malware Response Team
  • 3,408 posts
  • Gender:Male
  • Location:Germany

Posted 21 May 2014 - 09:40 AM

:welcome:

Hello kennylim20,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic till you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 kennylim20

  • Topic Starter
  • Members
  • 57 posts

Posted 21 May 2014 - 12:30 PM

Hello Jo,

 

Thanks for your reply and below are the results you asked for.

 

 

Security Check Results

 Results of screen317's Security Check version 0.99.83  
 Windows XP Service Pack 2 x86   
 Internet Explorer 6 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Java 7 Update 15  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox (28.0) 
 Google Chrome 34.0.1847.131  
 Google Chrome 34.0.1847.137  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe 
 Ad-Aware AAWTray.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 
 
 
OTL Results

OTL logfile created on: 5/22/2014 1:19:14 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.01% Memory free
3.85 Gb Paging File | 2.90 Gb Available in Paging File | 75.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 156.26 Gb Total Space | 30.64 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
Drive D: | 141.83 Gb Total Space | 78.26 Gb Free Space | 55.18% Space Free | Partition Type: NTFS
 
Computer Name: USER-72B317D810 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\User\My Documents\Downloads\SecurityCheck.exe ()
PRC - C:\Program Files\LemurLeap\bin\LemurLeap.BrowserAdapter.exe ()
PRC - C:\Program Files\LemurLeap\updateLemurLeap.exe ()
PRC - C:\Program Files\LemurLeap\bin\utilLemurLeap.exe ()
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\User\Local Settings\Application Data\FilesFrog Update Checker\update_checker.exe (Somoto)
PRC - C:\Program Files\Input Director\InputDirectorSessionHelper.exe ()
PRC - C:\Program Files\Input Director\InputDirector.exe (Imperative Software Pty Ltd)
PRC - C:\Program Files\Input Director\InputDirectorClipboardHelper.exe (Imperative Software Pty Ltd)
PRC - C:\Program Files\Input Director\IDWinService.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\User\My Documents\Downloads\SecurityCheck.exe ()
MOD - C:\Program Files\LemurLeap\bin\LemurLeap.BrowserAdapter.exe ()
MOD - C:\Program Files\LemurLeap\updateLemurLeap.exe ()
MOD - C:\Program Files\LemurLeap\bin\utilLemurLeap.exe ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Input Director\InputDirectorSessionHelper.exe ()
MOD - C:\Program Files\Input Director\IDWinService.exe ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Resources.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\unrar.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Update LemurLeap) -- C:\Program Files\LemurLeap\updateLemurLeap.exe ()
SRV - (Util LemurLeap) -- C:\Program Files\LemurLeap\bin\utilLemurLeap.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (InputDirector) -- C:\Program Files\Input Director\IDWinService.exe ()
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva219) -- C:\WINDOWS\system32\XDva219.sys File not found
DRV - (WDICA) --  File not found
DRV - (SetupNTGLM7X) -- E:\NTGLM7X.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (NTACCESS) -- E:\NTACCESS.sys File not found
DRV - (npkcrypt) -- C:\Program Files\WIZET\MapleStory\npkcrypt.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found
DRV - (glphw) -- System32\drivers\gwuql.sys File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena Messenger\Room\safedrv.sys File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (Changer) --  File not found
DRV - (tStLib) -- C:\WINDOWS\system32\drivers\tStLib.sys (StdLib)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (GarenaPEngine) -- C:\Documents and Settings\User\Local Settings\Temp\HOCC5.tmp ()
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (Mkd2kfNt) -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys (AhnLab, Inc.)
DRV - (Mkd2Nadr) -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (dtscsi) -- C:\WINDOWS\system32\drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-results.com/sidebar.html?src=ssb&gct=ds&appid=133&systemid=2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=zgametb&v=2_0&ent=ch_6252&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481730
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search The Web"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "&tn=dealio_dg&wd={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Search The Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.my/"
FF - prefs.js..extensions.enabledAddons: %7B14323AEE-F6B8-4DC8-BCE3-E62645830585%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7BD394D188-BAC7-4e03-8FAF-389A4D7EC6F4%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B4e38134d-ba98-4066-b898-e296d8acc938%7D:1.0
FF - prefs.js..extensions.enabledAddons: ext%40MediaWatchV1home793.net:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.17
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:5.9
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.9
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Messenger\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/23 14:33:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/28 15:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha5047.net: C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha5047\ff [2014/01/08 18:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta404.net: C:\Program Files\VideoPlayerV3\VideoPlayerV3beta404\ff [2014/01/10 18:02:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha942.net: C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha942\ff [2014/01/31 16:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewerV1alpha415.net: C:\Program Files\MediaViewerV1\MediaViewerV1alpha415\ff [2014/02/24 19:40:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewV1alpha606.net: C:\Program Files\MediaViewV1\MediaViewV1alpha606\ff [2014/02/27 23:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewV1alpha6006.net: C:\Program Files\MediaViewV1\MediaViewV1alpha6006\ff [2014/03/17 10:01:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaWatchV1home793.net: C:\Program Files\MediaWatchV1\MediaWatchV1home793\ff [2014/03/22 23:02:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaBuzzV1mode670.net: C:\Program Files\MediaBuzzV1\MediaBuzzV1mode670\ff [2014/04/25 23:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@RichMediaViewV1release7147.net: C:\Program Files\RichMediaViewV1\RichMediaViewV1release7147\ff [2014/05/14 23:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/30 21:11:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/15 11:32:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/28 15:09:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2014/01/17 19:31:57 | 000,000,000 | ---D | M]
 
[2014/04/08 23:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/05/04 14:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions
[2014/03/30 20:20:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/04 21:41:10 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/01/04 21:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2014/05/04 14:17:04 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\anttoolbar@ant.com
[2011/10/21 00:26:35 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\ffxtlbr@babylon.com
[2013/10/13 22:50:03 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\ffxtlbr@delta.com
[2014/03/18 23:21:00 | 000,063,388 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\fbdislike@doweb.fr.xpi
[2012/09/07 21:43:17 | 000,001,911 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
[2012/06/23 12:15:59 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/01/10 12:54:16 | 000,001,781 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi
[2014/01/10 12:54:09 | 000,009,948 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi
[2010/11/08 16:06:18 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\searchplugins\askcom.xml
[2010/09/02 16:09:28 | 000,002,486 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\searchplugins\iMeshWebSearch.xml
[2013/03/30 15:00:40 | 000,002,683 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\searchplugins\Search_Results.xml
[2014/04/08 23:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/03/30 21:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\youtubedownloader@mybrowserbar.com
[2014/03/30 21:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/30 21:12:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/25 23:02:05 | 000,000,000 | ---D | M] (Media Buzz) -- C:\PROGRAM FILES\MEDIABUZZV1\MEDIABUZZV1MODE670\FF
[2014/03/22 23:02:07 | 000,000,000 | ---D | M] (Media Watch) -- C:\PROGRAM FILES\MEDIAWATCHV1\MEDIAWATCHV1HOME793\FF
[2014/05/14 23:02:08 | 000,000,000 | ---D | M] (Rich Media View) -- C:\PROGRAM FILES\RICHMEDIAVIEWV1\RICHMEDIAVIEWV1RELEASE7147\FF
[2008/01/23 14:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Garena Talk Plugin (Enabled) = C:\Program Files\Garena Messenger\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Media View = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\angikpmbdbfmigdogeiacgfbbailnkbo\1.1_0\
CHR - Extension: Shopping Suggestion = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejbpjlaagejfakeobljhgplbgklgemll\1.0.0_0\
CHR - Extension: Delta Toolbar = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.6.2_0\
CHR - Extension: Media Watch = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\finmknledcgndlpmpoklnfledopkdemc\1.1_0\
CHR - Extension: Media Viewer = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gjfadiblffhgkbgjcladmapdfeahbjmj\1.1_0\
CHR - Extension: Media Buzz = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gnfnkjcpiacabcojhgihnkglbffeddkl\1.1_0\
CHR - Extension: Media View = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhomjeiaplklmfcfepiepjgalohphojf\1.1_0\
CHR - Extension: Video Player = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kaldoalghmijhimeggmldcgfghloikeg\1.1_0\
CHR - Extension: Webexp Enhanced = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kepagcagjfkhhcbnfipndgdbppipfhid\1.1_0\
CHR - Extension: DVDVideoSoft = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.3.0.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Rich Media View = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nojkmbhlejamildlpaglddkahjaomace\1.1_0\
 
O1 HOSTS File: ([2006/06/22 08:08:24 | 000,000,068 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       gameguard.mapleglobal.com
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Thunder Browser Helper) - {0347C33D-8762-4905-BF09-768834316C61} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Rich Media View) - {8be29f82-b9c2-4bb3-aabf-80e0095914f6} - C:\Program Files\RichMediaViewV1\RichMediaViewV1release7147\ie\RichMediaViewV1release7147.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Proxy Help) - {F386E548-C533-472E-8C61-C026FB14FEA9} - C:\WINDOWS\system32\Newtabs_v9.dll (Newtabs. inc)
O2 - BHO: (Shopping Suggestion) - {F6C07882-D703-4DD5-905A-2C4E815A5066} - C:\Documents and Settings\User\Application Data\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\Shopping Suggestion.dll (WW3, LLC)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\MpcStar\Codecs\Real\RCAPlugins\realsched.exe"  -osboot File not found
O4 - HKLM..\Run: [UsageLoader] "C:\Program Files\VLC Player GPU+\UsageLog.exe" File not found
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKCU..\Run: [closethe] C:\DOCUME~1\User\APPLIC~1\TRUSTC~1\Soapokay.exe File not found
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files\Garena Messenger\GarenaMessenger.exe ()
O4 - HKCU..\Run: [InputDirector] C:\Program Files\Input Director\InputDirector.exe (Imperative Software Pty Ltd)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [NextLive] C:\Documents and Settings\User\Application Data\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [PPS Accelerator] D:\Program Files\PPStream\ppsap.exe File not found
O4 - HKCU..\Run: [SDP] C:\Documents and Settings\User\Local Settings\Application Data\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [test] C:\WINDOWS\bat_starter.exe (gstu)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: &Download All using 4shared Desktop - D:\Program Files\4shared Desktop\down_all.htm File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O9 - Extra Button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe File not found
O9 - Extra 'Tools' menuitem : Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C84A2057-9CBF-468D-944C-A82D0404A5EE}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/22 18:59:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b7c6171-8950-11de-ba80-001d92a287d4}\Shell\AutoRun\command - "" = H:\Launcher.exe
O33 - MountPoints2\{1fb833ca-7bd0-11dd-bd23-001d92a287d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb833ca-7bd0-11dd-bd23-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1fb833ca-7bd0-11dd-bd23-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
O33 - MountPoints2\{3de76b31-29b2-11de-b9d7-001d92a287d4}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{3de76b31-29b2-11de-b9d7-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3de76b31-29b2-11de-b9d7-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{77cc9b00-78be-11dd-bd1f-001d92a287d4}\Shell - "" = AutoRun
O33 - MountPoints2\{77cc9b00-78be-11dd-bd1f-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77cc9b00-78be-11dd-bd1f-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
O33 - MountPoints2\{7a9fdcd0-2380-11e3-be79-001d92a287d4}\Shell - "" = AutoRun
O33 - MountPoints2\{7a9fdcd0-2380-11e3-be79-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a9fdcd0-2380-11e3-be79-001d92a287d4}\Shell\AutoRun\command - "" = F:\SecureLogin.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\Explore\command - "" = Flash.10.Setup.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\Open\command - "" = Flash.10.Setup.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\Scan for Viruses\command - "" = Scanner.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/21 13:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\CyberLink PowerDVD
[2014/05/14 23:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\RichMediaViewV1
[2014/05/10 19:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2014/05/09 08:53:36 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2014/05/08 19:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2014/05/08 19:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2014/05/08 19:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2014/05/08 19:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira
[2014/05/04 15:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Job
[2014/05/04 15:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Spoon
[2014/05/04 15:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDFArea
[2014/05/04 15:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFArea
[2014/05/04 13:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan
[2014/05/04 13:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2014/05/04 13:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2014/05/04 13:47:15 | 000,596,000 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPMC211.dll
[2014/05/04 13:45:30 | 000,536,760 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsC211.dll
[2014/05/04 13:45:30 | 000,271,032 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsC211LM.dll
[2014/05/04 13:45:29 | 002,220,216 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkinsC211.exe
[2014/05/04 13:45:29 | 000,222,904 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoiC211.dll
[2014/05/04 13:44:45 | 002,525,368 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_DJ2540.dll
[2014/05/04 13:44:44 | 000,417,464 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_DJ2540.dll
[2014/04/25 23:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\MediaBuzzV1
[2009/09/15 07:27:52 | 285,525,896 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\User\cs16full_v6.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/22 01:20:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/22 00:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/21 23:02:04 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2014/05/21 20:40:51 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/05/21 16:16:06 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job
[2014/05/21 14:00:53 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/05/21 13:53:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2014/05/21 13:47:54 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/05/21 13:01:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/21 13:01:24 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job
[2014/05/21 13:00:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/20 23:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2014/05/20 13:39:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/19 01:59:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/05/19 01:59:07 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/19 00:09:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/05/17 17:35:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/05/14 23:03:05 | 000,001,636 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2014/05/14 22:20:27 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/05/14 22:20:26 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/05/14 12:52:02 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/05/14 10:10:50 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/05/08 21:31:33 | 001,749,534 | ---- | M] () -- C:\Documents and Settings\User\Desktop\warnings.bmp
[2014/05/08 21:31:09 | 001,749,534 | ---- | M] () -- C:\Documents and Settings\User\Desktop\error.bmp
[2014/05/04 18:35:00 | 004,330,851 | ---- | M] () -- C:\Documents and Settings\User\Desktop\certificates2.pdf
[2014/05/04 18:33:01 | 004,883,964 | ---- | M] () -- C:\Documents and Settings\User\Desktop\certificates1.pdf
[2014/05/04 15:32:37 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Image to PDF Converter Free.lnk
[2014/05/04 15:32:37 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Image to PDF Converter Free.lnk
[2014/05/04 14:30:16 | 002,017,461 | ---- | M] () -- C:\Documents and Settings\User\My Documents\1.pdf
[2014/05/04 14:21:12 | 000,436,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CertificateYAO.pdf
[2014/05/04 13:47:51 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2014/05/04 13:47:14 | 000,001,966 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2540 series.lnk
[2014/05/04 13:47:14 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
[2014/05/04 13:45:42 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2014/05/02 11:15:38 | 000,431,251 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Certificate.pdf
[2014/04/29 17:35:58 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
 
========== Files Created - No Company Name ==========
 
[2014/05/08 21:31:32 | 001,749,534 | ---- | C] () -- C:\Documents and Settings\User\Desktop\warnings.bmp
[2014/05/08 21:31:09 | 001,749,534 | ---- | C] () -- C:\Documents and Settings\User\Desktop\error.bmp
[2014/05/04 18:34:56 | 004,330,851 | ---- | C] () -- C:\Documents and Settings\User\Desktop\certificates2.pdf
[2014/05/04 18:32:57 | 004,883,964 | ---- | C] () -- C:\Documents and Settings\User\Desktop\certificates1.pdf
[2014/05/04 15:32:37 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Image to PDF Converter Free.lnk
[2014/05/04 15:32:37 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Image to PDF Converter Free.lnk
[2014/05/04 14:30:14 | 002,017,461 | ---- | C] () -- C:\Documents and Settings\User\My Documents\1.pdf
[2014/05/04 14:21:12 | 000,436,277 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CertificateYAO.pdf
[2014/05/04 13:47:51 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2014/05/04 13:47:14 | 000,001,966 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2540 series.lnk
[2014/05/04 13:47:14 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
[2014/05/04 13:45:42 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2014/05/02 11:33:24 | 000,431,251 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Certificate.pdf
[2014/04/29 17:35:58 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2014/01/31 16:05:06 | 000,001,636 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/12/22 01:14:01 | 000,595,618 | ---- | C] () -- C:\WINDOWS\libcurl-4.dll
[2013/12/22 01:14:01 | 000,031,232 | ---- | C] () -- C:\WINDOWS\cmdow.exe
[2013/11/07 10:46:12 | 000,000,052 | ---- | C] () -- C:\WINDOWS\SW_Win9423X24.DLL
[2013/11/07 10:46:02 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2013/11/07 10:46:02 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2013/11/07 10:46:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2013/11/07 10:46:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2013/03/31 18:29:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\ŸcŸc
[2012/10/16 17:35:38 | 000,000,138 | ---- | C] () -- C:\WINDOWS\vsfilter.INI
[2012/07/13 14:55:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\٬٬
[2011/10/21 01:21:12 | 000,005,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\knmesfut.gey
[2011/06/24 16:08:47 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room_v3.dat
[2011/06/23 14:46:27 | 000,447,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/21 11:41:20 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe GIF Format CS5 Prefs
[2011/03/26 17:01:35 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\User\pool.bin
[2009/09/15 07:28:07 | 009,164,711 | ---- | C] () -- C:\Documents and Settings\User\cs16-bots.zip
[2009/09/07 15:34:14 | 000,200,846 | ---- | C] () -- C:\Program Files\RuntimeSetup.exe
[2009/09/07 15:34:14 | 000,001,068 | ---- | C] () -- C:\Program Files\runtimesetup.ini
[2009/09/07 15:34:08 | 002,156,598 | ---- | C] () -- C:\Program Files\1.bmp
[2008/11/23 15:47:02 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\User\default.pls
[2008/10/21 14:32:06 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2008/08/23 18:54:16 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2008/12/02 13:37:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/03/10 13:21:20 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 18:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/05 18:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/03/01 22:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AhnLab
[2011/10/21 00:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/10/24 15:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Baidu
[2014/04/03 16:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2014/01/17 19:32:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/18 13:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garena
[2013/09/06 01:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[2014/05/08 21:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2012/12/03 09:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2014/05/08 23:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2010/07/31 22:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2009/04/28 18:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2013/11/01 23:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2013/11/21 01:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/04/24 22:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Okay meta anti lite
[2011/04/21 20:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2014/05/08 19:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2010/01/29 18:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2013/11/01 23:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2014/05/08 23:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/08 20:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2010/04/21 14:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
[2012/10/23 17:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSLOG
[2014/01/17 19:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/08/25 15:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2014/05/04 13:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2008/12/30 23:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/07 20:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xunlei
[2009/03/28 23:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/06/23 22:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/31 23:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2014/04/08 20:02:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/18 23:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2014/01/17 19:32:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2011/10/21 02:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AnvSoft
[2011/06/24 21:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Application Updater
[2011/07/01 22:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auto-Joiner
[2013/10/13 22:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BabSolution
[2011/10/21 00:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Babylon
[2012/10/16 17:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Baidu
[2011/04/21 11:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/19 21:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.facebook.photouploader.PhotoUploader.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/06 23:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CometPlayer
[2014/01/10 12:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4
[2013/10/13 22:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Delta
[2009/06/16 22:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DragonicaSCB
[2014/01/13 19:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2014/01/17 19:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVDVideoSoft
[2010/03/06 13:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\funkitron
[2012/06/18 13:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Garena
[2013/09/06 01:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GarenaPlus
[2009/03/14 00:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011/04/28 23:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\imeshbandmltbpi
[2012/12/03 09:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leawo
[2011/04/26 19:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LolClient
[2010/07/31 22:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mean Hamster
[2012/05/08 21:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mobipocket
[2014/05/21 13:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\newnext.me
[2012/10/24 18:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Octoshape
[2014/01/17 19:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenCandy
[2010/06/25 21:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PhotoScape
[2010/01/29 18:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStream
[2008/11/19 19:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3
[2012/01/25 18:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2013/05/26 21:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\searchresultstb
[2011/05/01 15:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2013/12/22 01:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SwvUpdater
[2012/12/03 09:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\tiger-k
[2012/01/22 17:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TigerPlayer
[2009/04/26 12:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trust camp bold
[2014/01/17 19:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TuneUp Software
[2013/10/13 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4240575B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C9FE0C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
 
< End of report >
 
 
 
Extras Results
OTL Extras logfile created on: 5/22/2014 1:19:14 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.01% Memory free
3.85 Gb Paging File | 2.90 Gb Available in Paging File | 75.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 156.26 Gb Total Space | 30.64 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
Drive D: | 141.83 Gb Total Space | 78.26 Gb Free Space | 55.18% Space Free | Partition Type: NTFS
 
Computer Name: USER-72B317D810 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9238:TCP" = 9238:TCP:*:Enabled:BitComet 9238 TCP
"9238:UDP" = 9238:UDP:*:Enabled:BitComet 9238 UDP
"25055:TCP" = 25055:TCP:*:Enabled:BitComet 25055 TCP(ED2K)
"25055:UDP" = 25055:UDP:*:Enabled:BitComet 25055 UDP(ED2K)
"19892:TCP" = 19892:TCP:*:Enabled:BitComet 19892 TCP(ED2K)
"19892:UDP" = 19892:UDP:*:Enabled:BitComet 19892 UDP(ED2K)
"11791:TCP" = 11791:TCP:*:Enabled:BitComet 11791 TCP
"11791:UDP" = 11791:UDP:*:Enabled:BitComet 11791 UDP
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
"6906:TCP" = 6906:TCP:*:Enabled:League of Legends Launcher
"6906:UDP" = 6906:UDP:*:Enabled:League of Legends Launcher
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"5357:TCP" = 5357:TCP:*:Enabled:WS-Eventing TCP Port 5357
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\Input Director\InputDirector.exe" = C:\Program Files\Input Director\InputDirector.exe:*:Enabled:Input Director -- (Imperative Software Pty Ltd)
"C:\Program Files\Input Director\InputDirectorSessionHelper.exe" = C:\Program Files\Input Director\InputDirectorSessionHelper.exe:*:Enabled:Input Director Session Helper -- ()
"C:\Program Files\Input Director\InputDirectorClipboardHelper.exe" = C:\Program Files\Input Director\InputDirectorClipboardHelper.exe:*:Enabled:Input Director Clipboard Helper -- (Imperative Software Pty Ltd)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"D:\Program Files\Garena\Garena.exe" = D:\Program Files\Garena\Garena.exe:*:Enabled:Garena
"D:\Program Files\Ares\Ares.exe" = D:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
"D:\Program Files\BitComet\BitComet.exe" = D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Counter-Strike\hl.exe" = C:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Electronic Arts\Red Alert 3\RA3.exe" = C:\Program Files\Electronic Arts\Red Alert 3\RA3.exe:*:Enabled:Command & Conquer™ Red Alert™ 3
"C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.0.game" = C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.0.game:*:Enabled:Command & Conquer™ Red Alert™ 3
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.4.game" = C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.4.game:*:Enabled:Command & Conquer™ Red Alert™ 3
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\VertigoGames\Game\BlackShot\Blackshot\system\BlackShot.exe" = C:\VertigoGames\Game\BlackShot\Blackshot\system\BlackShot.exe:*:Enabled:BlackShot
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)
"D:\Danny\Left 4 Dead\left4dead.exe" = D:\Danny\Left 4 Dead\left4dead.exe:*:Enabled:left4dead
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" = C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher
"F:\WIZET\MapleStory\HShield\HSUpdate.exe" = F:\WIZET\MapleStory\HShield\HSUpdate.exe:*:Enabled:HSUpdate
"C:\Documents and Settings\User\Desktop\yong yong\WIZET\MapleStory\hshield\HSUpdate.exe" = C:\Documents and Settings\User\Desktop\yong yong\WIZET\MapleStory\hshield\HSUpdate.exe:*:Enabled:HSUpdate
"C:\Documents and Settings\User\Desktop\counter strike 1.6\Counter-Strike\hl.exe" = C:\Documents and Settings\User\Desktop\counter strike 1.6\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher
"D:\Program Files\Counter-Strike\hl.exe" = D:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Program Files\PPStream\PPStream.exe" = D:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ
"D:\Program Files\PPStream\PPSAP.exe" = D:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
"D:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe" = D:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe:*:Enabled:HSUpdate
"C:\Program Files\WIZET\MapleStory\Patcher.exe" = C:\Program Files\WIZET\MapleStory\Patcher.exe:*:Enabled:Patcher.exe
"C:\Documents and Settings\User\Desktop\yong yong\WIZET\MapleStory\Patcher.exe" = C:\Documents and Settings\User\Desktop\yong yong\WIZET\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????
"D:\Program Files\WIZET\MapleStory\Patcher.exe" = D:\Program Files\WIZET\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe" = C:\Program Files\WIZET\MapleStory\hshield\HSUpdate.exe:*:Enabled:HSUpdate
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client
"D:\Program Files\Counter-Strike Source\hl2.exe" = D:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Thunder Network\Thunder\Program\ThunderLiveUD.exe" = C:\Program Files\Thunder Network\Thunder\Program\ThunderLiveUD.exe:*:Enabled:Thunder LiveUpdate7.1.5.2152
"C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.5.2152_1\Program\XLDoctorUI.exe" = C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.5.2152_1\Program\XLDoctorUI.exe:*:Enabled:XLDoctorUI7.1.5.2152
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Documents and Settings\User\My Documents\Downloads\LoLInstaller.exe" = C:\Documents and Settings\User\My Documents\Downloads\LoLInstaller.exe:*:Enabled:Garena Installer
"C:\Program Files\Garena Messenger\Apps\LoL\Air\LolClient.exe" = C:\Program Files\Garena Messenger\Apps\LoL\Air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Program Files\Garena Messenger\Apps\LoL\Game\League of Legends.exe" = C:\Program Files\Garena Messenger\Apps\LoL\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\Program Files\MapleStorySEA\HShield\HSUpdate.exe" = D:\Program Files\MapleStorySEA\HShield\HSUpdate.exe:*:Enabled:HSUpdate
"D:\Program Files\MapleStorySEA\Patcher.exe" = D:\Program Files\MapleStorySEA\Patcher.exe:*:Enabled:Patcher MFC ?? ????
"C:\Program Files\MapleStorySEA\Patcher.exe" = C:\Program Files\MapleStorySEA\Patcher.exe:*:Enabled:Patcher MFC ?? ???? -- ()
"C:\Program Files\MapleStorySEA\NewPatcher.exe" = C:\Program Files\MapleStorySEA\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????
"C:\Program Files\MapleStorySEA\HShield\HSUpdate.exe" = C:\Program Files\MapleStorySEA\HShield\HSUpdate.exe:*:Enabled:HSUpdate -- (AhnLab, Inc.)
"C:\Documents and Settings\User\My Documents\Downloads\AuraSea.exe" = C:\Documents and Settings\User\My Documents\Downloads\AuraSea.exe:*:Enabled:AuraSEA
"C:\Documents and Settings\User\Desktop\AuraSea.exe" = C:\Documents and Settings\User\Desktop\AuraSea.exe:*:Enabled:AuraSEA
"F:\MapleStorySEA\HShield\HSUpdate.exe" = F:\MapleStorySEA\HShield\HSUpdate.exe:*:Enabled:HSUpdate
"C:\Documents and Settings\User\My Documents\Downloads\AuraSea(2).exe" = C:\Documents and Settings\User\My Documents\Downloads\AuraSea(2).exe:*:Enabled:AuraSEA
"C:\Documents and Settings\User\Desktop\AuraSea(2).exe" = C:\Documents and Settings\User\Desktop\AuraSea(2).exe:*:Enabled:AuraSEA
"C:\Program Files\Garena Messenger\Room\garena_room.exe" = C:\Program Files\Garena Messenger\Room\garena_room.exe:*:Enabled:Garena -- ()
"C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc.)
"C:\Documents and Settings\User\My Documents\Downloads\HoNInstaller.exe" = C:\Documents and Settings\User\My Documents\Downloads\HoNInstaller.exe:*:Enabled:Garena Installer
"D:\Program Files\GarenaHoN\GameData\Apps\HoN\hon.exe" = D:\Program Files\GarenaHoN\GameData\Apps\HoN\hon.exe:*:Enabled:Heroes of Newerth
"C:\Program Files\Garena Messenger\GarenaMessenger.exe" = C:\Program Files\Garena Messenger\GarenaMessenger.exe:*:Enabled:Garena Plus -- ()
"C:\Program Files\Garena Messenger\UpdateManager.exe" = C:\Program Files\Garena Messenger\UpdateManager.exe:*:Enabled:UpdateManager Module -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\BaiduP2PService.exe" = C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\BaiduP2PService.exe:*:Enabled:BaiduP2PService.exe
"C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\StatReport.exe" = C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\StatReport.exe:*:Enabled:StatReport.exe
"C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\BaiduPlayer.exe" = C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\BaiduPlayer.exe:*:Enabled:BaiduPlayer.exe
"C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\BaiduSetupAx_0.exe" = C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\BaiduSetupAx_0.exe:*:Enabled:BaiduSetupAx_0.exe
"C:\Documents and Settings\All Users\Application Data\Baidu\BaiduPlayer\bdupdate.exe" = C:\Documents and Settings\All Users\Application Data\Baidu\BaiduPlayer\bdupdate.exe:*:Enabled:????????
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\Garena Messenger\ggdllhost.exe" = C:\Program Files\Garena Messenger\ggdllhost.exe:*:Enabled:ggdllhost -- ()
"C:\Program Files\YourFileDownloader\Downloader.exe" = C:\Program Files\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader
"C:\Program Files\YourFileDownloader\YourFile.exe" = C:\Program Files\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader
"C:\Program Files\Steam\steamapps\common\dota 2 test\dota.exe" = C:\Program Files\Steam\steamapps\common\dota 2 test\dota.exe:*:Enabled:Dota 2 Test -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Documents and Settings\User\Desktop\Synergy\synergys.exe" = C:\Documents and Settings\User\Desktop\Synergy\synergys.exe:*:Enabled:Synergy
"C:\Program Files\Synergy\synergys.exe" = C:\Program Files\Synergy\synergys.exe:*:Enabled:Synergy
"C:\Program Files\Input Director\InputDirector.exe" = C:\Program Files\Input Director\InputDirector.exe:*:Enabled:Input Director -- (Imperative Software Pty Ltd)
"C:\Program Files\Input Director\InputDirectorSessionHelper.exe" = C:\Program Files\Input Director\InputDirectorSessionHelper.exe:*:Enabled:Input Director Session Helper -- ()
"C:\Program Files\Input Director\InputDirectorClipboardHelper.exe" = C:\Program Files\Input Director\InputDirectorClipboardHelper.exe:*:Enabled:Input Director Clipboard Helper -- (Imperative Software Pty Ltd)
"C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe" = C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2 -- ()
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 2540 series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe" = C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Deskjet 2540 series) -- (Hewlett-Packard Co.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" =  Leawo Video Converter version  5.2.0.1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4539575D-C09D-4E71-B207-0F2D6BD74DA2}" = HP Deskjet 2540 series Help
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{575A25F9-3018-46F6-AB97-552B52770877}" = HP Deskjet 2540 series Basic Device Software
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66EBD70F-A42C-475F-AEDF-277378151033}" = Nero 7 Essentials
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{70A37467-3E1E-1B94-C1DC-F9B6946EE7E4}" = Adobe Photo Uploader for Facebook
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A6E08AC3-F00A-42B4-AF87-A30832769B23}" = Product Improvement Study for HP Deskjet 2540 series
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Ad-Aware" = Ad-Aware
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"bi_uninstaller" = Bundled software uninstaller
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.facebook.photouploader.PhotoUploader.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Photo Uploader for Facebook
"Convert Image To PDF_is1" = Convert Image To PDF
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"FilesFrog Update Checker" = FilesFrog Update Checker
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free YouTube Download_is1" = Free YouTube Download version 3.2.20.1230
"Garena" = Garena
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"im" = Garena Plus
"Image to PDF Converter Free_is1" = Image to PDF Converter Free 6.5
"Input Director" = Input Director v1.3 BETA
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.5 Full
"LemurLeap" = LemurLeap 3.0.0
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"MediaBuzzV1mode670" = Media Buzz
"MediaPlayerV1alpha942" = Media Player
"MediaViewerV1alpha415" = Media Viewer
"MediaViewV1alpha6006" = Media View
"MediaViewV1alpha606" = Media View
"MediaWatchV1home793" = Media Watch
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MpcStar" = MpcStar 5.3
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"RichMediaViewV1release7147" = Rich Media View
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 205790" = Dota 2 Test
"Steam App 570" = Dota 2
"Uninstall_is1" = Uninstall 1.0.0.1
"Video Player" = Video Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VLC Player GPU+11.041.44" = GPU Monitor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Webexp Enhanced" = Webexp Enhanced
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FLV Player" = FLV Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/2/2014 12:12:52 AM | Computer Name = USER-72B317D810 | Source = Application Error | ID = 1000
Description = Faulting application datamn~1.exe, version 1.0.0.1, faulting module
 , version 0.0.0.0, fault address 0x00000000.
 
Error - 4/3/2014 12:17:25 AM | Computer Name = USER-72B317D810 | Source = Application Error | ID = 1000
Description = Faulting application datamn~1.exe, version 1.0.0.1, faulting module
 , version 0.0.0.0, fault address 0x00000000.
 
Error - 4/4/2014 10:52:57 AM | Computer Name = USER-72B317D810 | Source = Application Error | ID = 1000
Description = Faulting application datamn~1.exe, version 1.0.0.1, faulting module
 , version 0.0.0.0, fault address 0x00000000.
 
Error - 4/5/2014 12:49:51 AM | Computer Name = USER-72B317D810 | Source = Application Error | ID = 1000
Description = Faulting application datamn~1.exe, version 1.0.0.1, faulting module
 , version 0.0.0.0, fault address 0x00000000.
 
Error - 4/6/2014 12:45:54 AM | Computer Name = USER-72B317D810 | Source = Application Error | ID = 1000
Description = Faulting application datamn~1.exe, version 1.0.0.1, faulting module
 , version 0.0.0.0, fault address 0x00000000.
 
Error - 4/7/2014 11:25:51 PM | Computer Name = USER-72B317D810 | Source = Application Error | ID = 1000
Description = Faulting application datamn~1.exe, version 1.0.0.1, faulting module
 , version 0.0.0.0, fault address 0x00000000.
 
Error - 4/8/2014 8:07:13 AM | Computer Name = USER-72B317D810 | Source = MsiInstaller | ID = 11706
Description = Product: Ad-Aware -- Error 1706. An installation package for the product
 Ad-Aware cannot be found. Try the installation again using a valid copy of the 
installation package 'Ad-AwareAE.msi'.
 
Error - 4/8/2014 8:08:41 AM | Computer Name = USER-72B317D810 | Source = MsiInstaller | ID = 11706
Description = Product: Ad-Aware -- Error 1706. An installation package for the product
 Ad-Aware cannot be found. Try the installation again using a valid copy of the 
installation package 'Ad-AwareAE.msi'.
 
Error - 4/8/2014 11:24:25 AM | Computer Name = USER-72B317D810 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
 module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
 
Error - 5/14/2014 11:03:38 AM | Computer Name = USER-72B317D810 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 28.0.0.5186, faulting
 module mozalloc.dll, version 28.0.0.5186, fault address 0x0000119c.
 
[ System Events ]
Error - 5/17/2014 5:45:32 AM | Computer Name = USER-72B317D810 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error:   %%3
 
Error - 5/17/2014 5:46:56 AM | Computer Name = USER-72B317D810 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 5/18/2014 1:05:52 AM | Computer Name = USER-72B317D810 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error:   %%3
 
Error - 5/18/2014 1:07:30 AM | Computer Name = USER-72B317D810 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 5/18/2014 10:44:56 PM | Computer Name = USER-72B317D810 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error:   %%3
 
Error - 5/18/2014 10:46:17 PM | Computer Name = USER-72B317D810 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 5/20/2014 1:39:41 AM | Computer Name = USER-72B317D810 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error:   %%3
 
Error - 5/20/2014 1:41:45 AM | Computer Name = USER-72B317D810 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 5/21/2014 1:01:09 AM | Computer Name = USER-72B317D810 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error:   %%3
 
Error - 5/21/2014 1:02:49 AM | Computer Name = USER-72B317D810 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
 
< End of report >
 
 

 



#4 Jo*


Posted 21 May 2014 - 01:04 PM

Hello kennylim20,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 kennylim20


Posted 21 May 2014 - 10:24 PM

Hello Jo,   

Malwarebytes Anti-Rootkit 

I have updated the database of the beta version as I run the program.

 

I will run the scan now and later post the log file up as you said my computer will restart.

AdwCleaner Report

# AdwCleaner v3.210 - Report created 22/05/2014 at 11:14:50
# Updated 19/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : User - USER-72B317D810
# Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : Update LemurLeap
Service Found : Util LemurLeap
 
***** [ Files / Folders ] *****
 
File Found : C:\DOCUME~1\User\LOCALS~1\Temp\Uninstall.exe
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\searchplugins\iMeshWebSearch.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\searchplugins\Search_Results.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\user.js
File Found : C:\Documents and Settings\User\daemonprocess.txt
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
File Found : C:\Documents and Settings\User\My Documents\MyPC Backup.lnk
File Found : C:\WINDOWS\system32\Newtabs_v9.dll
File Found : C:\WINDOWS\Tasks\AmiUpdXp.job
File Found : C:\WINDOWS\Tasks\EPUpdater.job
File Found : C:\WINDOWS\Tasks\YourFile DownloaderUpdate.job
Folder Found : C:\DOCUME~1\User\LOCALS~1\Temp\AskSearch
Folder Found : C:\DOCUME~1\User\LOCALS~1\Temp\baidu
Folder Found : C:\DOCUME~1\User\LOCALS~1\Temp\mt_ffx
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\baidu
Folder Found : C:\Documents and Settings\User\Application Data\Application Updater
Folder Found : C:\Documents and Settings\User\Application Data\BabSolution
Folder Found : C:\Documents and Settings\User\Application Data\Babylon
Folder Found : C:\Documents and Settings\User\Application Data\baidu
Folder Found : C:\Documents and Settings\User\Application Data\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4
Folder Found : C:\Documents and Settings\User\Application Data\Delta
Folder Found : C:\Documents and Settings\User\Application Data\imeshbandmltbpi
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Conduit
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\anttoolbar@ant.com
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\ffxtlbr@delta.com
Folder Found : C:\Documents and Settings\User\Application Data\newnext.me
Folder Found : C:\Documents and Settings\User\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\User\Application Data\searchresultstb
Folder Found : C:\Documents and Settings\User\Application Data\SwvUpdater
Folder Found : C:\Documents and Settings\User\Application Data\YourFileDownloader
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Bundled software uninstaller
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\FilesFrog Update Checker
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\genienext
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\iMesh
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\PackageAware
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\webplayer
Folder Found : C:\Documents and Settings\User\My Documents\iMesh
Folder Found : C:\Documents and Settings\User\My Documents\Mobogenie
Folder Found : C:\Documents and Settings\User\Start Menu\Programs\FilesFrog Update Checker
Folder Found : C:\Documents and Settings\User\Start Menu\Programs\Mobogenie
Folder Found : C:\Program Files\baidu
Folder Found : C:\Program Files\BearShare Applications
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Delta
Folder Found : C:\Program Files\iMesh Applications
Folder Found : C:\Program Files\LemurLeap
Folder Found : C:\Program Files\MediaPlayerV1
Folder Found : C:\Program Files\MediaViewerV1
Folder Found : C:\Program Files\MediaViewV1
Folder Found : C:\Program Files\MediaWatchV1
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\Program Files\RelevantKnowledge
Folder Found : C:\Program Files\Trymedia
Folder Found : C:\Program Files\VideoPlayerV3
Folder Found : C:\Program Files\WebexpEnhancedV1
 
***** [ Shortcuts ] *****
 
Shortcut Found : C:\Documents and Settings\User\Start Menu\Programs\FLV Player\Uninstall.lnk (  _?=C:\Documents and Settings\User\Local Settings\Application Data\WebPlayer\FLV Player )
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\FunWebProducts
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\4shared Tools
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iMesh
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{415419C3-DAD0-4DF1-AC37-22C72AD81878}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F6C07882-D703-4DD5-905A-2C4E815A5066}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15A0413E-9F45-4D45-9A75-2C20B15B5B51}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{415419C3-DAD0-4DF1-AC37-22C72AD81878}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F386E548-C533-472E-8C61-C026FB14FEA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Found : HKCU\Software\SBConvert
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Somoto
Key Found : HKCU\Software\Webplayer
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{15A0413E-9F45-4D45-9A75-2C20B15B5B51}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F386E548-C533-472E-8C61-C026FB14FEA9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6C07882-D703-4DD5-905A-2C4E815A5066}
Key Found : HKLM\SOFTWARE\Classes\d
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2481730
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof
Key Found : HKLM\Software\MediaPlayerV1
Key Found : HKLM\Software\MediaViewerV1
Key Found : HKLM\Software\MediaViewV1
Key Found : HKLM\Software\MediaWatchV1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15A0413E-9F45-4D45-9A75-2C20B15B5B51}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v6.0.2900.2180
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=FBDE001D92A287D4&affID=120007&tt=02102013_ctrl1&tsp=5034
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://dts.search-results.com/sidebar.html?src=ssb&gct=ds&appid=133&systemid=2
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&uid=ST3320620AS_6QF4ML7X____6QF4ML7X&ts=1354374966
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&uid=ST3320620AS_6QF4ML7X____6QF4ML7X&ts=1354374966
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.v9.com/?utm_source=b&utm_medium=umz-2&from=umz-2&uid=ST3320620AS_6QF4ML7X____6QF4ML7X&ts=1354374966
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=133&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3349510604014034&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=133&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3349510604014034&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://search.v9.com/web/?q={searchTerms}
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.137
 
[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [Homepage] : hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=FBDE001D92A287D4&affID=120007&tt=02102013_ctrl1&tsp=5034
Found [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Found [Extension] : ijblflkdjdopkpdgllkmlbgcffjbnfda
Found [Extension] : jlnfdbbladgcmhhamgkioifhbobjaoof
 
*************************
 
AdwCleaner[R0].txt - [39664 octets] - [22/05/2014 11:14:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [39725 octets] ##########

 

 
 
*I have seen the log and there does not seem to be any contents that I would like to keep (some players can just be downloaded after solving the issue).


#6 kennylim20


Posted 21 May 2014 - 10:39 PM

Malwarebytes Anti-Rootkit (Update)

There are currently 10 Malware found.

I don't know whether the scan is still running or not as there does not seem to be any movement.

There is also no request for the computer to restart.

And I could not find that .MBAR folder.

Where would it be located if it exists?



#7 kennylim20


Posted 21 May 2014 - 11:37 PM

Malwarebytes Anti-Rootkit (Update)

 

 
I did not see the two messages "Could not load protection driver" and "Could not load DDA driver".

15 Malware items are detected.

I did NOT clean up the malware as instructed by you.

However, I do not know where the MBAR folder is.

Do I "Exit" and do I check the "Create Restore Point" box?

Thank you.



#8 kennylim20


Posted 21 May 2014 - 11:41 PM

Malwarebytes Anti-Rootkit (Update)

I found the folder. It's on my desktop.

Below is the system-log you requested.

My apologies in advance for the multiple posts.

Do I exit the Malwarebytes anti-rootkit because I get the following message when I want to exit it:

"There are still unprocessed malware items remained. Do you really want to exit the application?"

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 2 x86
 
Account is Administrative
 
Internet Explorer version: 6.0.2900.2180
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.010000 GHz
Memory total: 2146676736, free: 833798144
 
Downloaded database version: v2014.05.22.01
Downloaded database version: v2014.05.21.01
=======================================
Initializing...
------------ Kernel report ------------
     05/22/2014 11:25:10
------------ Loaded modules -----------
----------- End -----------
Done!
IRP handler 0 of \Driver\Disk points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a7e4ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-12\
Lower Device Object: 0xffffffff8a7aad98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a7e4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7b0a20, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a7e4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a825688, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a7aad98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-12\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe1100298, 0xffffffff8a7e4ab8, 0xffffffff89798040
Lower DeviceData: 0xffffffffe10b5f10, 0xffffffff8a7aad98, 0xffffffff897f0f18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd0301.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70A0709
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 327693807
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 327693870  Numsec = 297443475
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{87CA3845-37FE-414C-81CF-E08A7D0F6779} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{988934A4-064B-11D3-BB80-00104B35E7F9} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{A1DD29ED-2598-48E9-9793-64A9CD08AC94} --> [Trojan.BHO]
Infected: C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{0347C33D-8762-4905-BF09-768834316C61} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\XunLeiBHO.ThunderIEHelper.1 --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\XunLeiBHO.ThunderIEHelper --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0347C33D-8762-4905-BF09-768834316C61} --> [Trojan.BHO]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0347C33D-8762-4905-BF09-768834316C61} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{0347C33D-8762-4905-BF09-768834316C61}\INPROCSERVER32 --> [Trojan.BHO]
Infected: C:\Documents and Settings\User\Local Settings\Temp\presetup.exe --> [Trojan.BHO]
Infected: C:\Documents and Settings\User\Desktop\Yong\Red\applications\CheatEngine54.exe --> [Riskware.Tool.CK]
Infected: C:\WINDOWS\bat_starter.exe --> [Trojan.Agent.MNRGen]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|test --> [Trojan.Agent.MNRGen]
Infected: HKLM\SOFTWARE\CLASSES\thunder --> [Trojan.Agent]
Scan finished


#9 Jo*


Posted 22 May 2014 - 03:18 AM

Hello kennylim20,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator.
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 kennylim20


Posted 22 May 2014 - 05:00 AM

Hello Jo,

It took about an hour to scan completely.

I have cleaned up and rebooted the system.

Here is the MBAR log you requested:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 2 x86
 
Account is Administrative
 
Internet Explorer version: 6.0.2900.2180
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.010000 GHz
Memory total: 2146676736, free: 833798144
 
Downloaded database version: v2014.05.22.01
Downloaded database version: v2014.05.21.01
=======================================
Initializing...
------------ Kernel report ------------
     05/22/2014 11:25:10
------------ Loaded modules -----------
----------- End -----------
Done!
IRP handler 0 of \Driver\Disk points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a7e4ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-12\
Lower Device Object: 0xffffffff8a7aad98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a7e4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7b0a20, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a7e4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a825688, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a7aad98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-12\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe1100298, 0xffffffff8a7e4ab8, 0xffffffff89798040
Lower DeviceData: 0xffffffffe10b5f10, 0xffffffff8a7aad98, 0xffffffff897f0f18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd0301.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70A0709
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 327693807
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 327693870  Numsec = 297443475
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{87CA3845-37FE-414C-81CF-E08A7D0F6779} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{988934A4-064B-11D3-BB80-00104B35E7F9} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{A1DD29ED-2598-48E9-9793-64A9CD08AC94} --> [Trojan.BHO]
Infected: C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{0347C33D-8762-4905-BF09-768834316C61} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\XunLeiBHO.ThunderIEHelper.1 --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\XunLeiBHO.ThunderIEHelper --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0347C33D-8762-4905-BF09-768834316C61} --> [Trojan.BHO]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0347C33D-8762-4905-BF09-768834316C61} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{0347C33D-8762-4905-BF09-768834316C61}\INPROCSERVER32 --> [Trojan.BHO]
Infected: C:\Documents and Settings\User\Local Settings\Temp\presetup.exe --> [Trojan.BHO]
Infected: C:\Documents and Settings\User\Desktop\Yong\Red\applications\CheatEngine54.exe --> [Riskware.Tool.CK]
Infected: C:\WINDOWS\bat_starter.exe --> [Trojan.Agent.MNRGen]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|test --> [Trojan.Agent.MNRGen]
Infected: HKLM\SOFTWARE\CLASSES\thunder --> [Trojan.Agent]
Scan finished
User declined to cleanup malware.
User declined to cleanup malware.
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 2 x86
 
Account is Administrative
 
Internet Explorer version: 6.0.2900.2180
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.010000 GHz
Memory total: 2146676736, free: 1330302976
 
Downloaded database version: v2014.05.22.02
Downloaded database version: v2014.05.22.03
Initializing...
=======================================
------------ Kernel report ------------
     05/22/2014 16:38:05
------------ Loaded modules -----------
----------- End -----------
Done!
IRP handler 0 of \Driver\Disk points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a7e4ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-12\
Lower Device Object: 0xffffffff8a7aad98
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xffffffff897f0f18
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a7e4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7b0a20, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a7e4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a825688, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a7aad98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-12\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe1c0b978, 0xffffffff8a7e4ab8, 0xffffffff89798040
Lower DeviceData: 0xffffffffe3d5c8e8, 0xffffffff8a7aad98, 0xffffffff897f0f18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd0301.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70A0709
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 327693807
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 327693870  Numsec = 297443475
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{87CA3845-37FE-414C-81CF-E08A7D0F6779} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{988934A4-064B-11D3-BB80-00104B35E7F9} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{A1DD29ED-2598-48E9-9793-64A9CD08AC94} --> [Trojan.BHO]
Infected: C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{0347C33D-8762-4905-BF09-768834316C61} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\XunLeiBHO.ThunderIEHelper.1 --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\XunLeiBHO.ThunderIEHelper --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0347C33D-8762-4905-BF09-768834316C61} --> [Trojan.BHO]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0347C33D-8762-4905-BF09-768834316C61} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{0347C33D-8762-4905-BF09-768834316C61}\INPROCSERVER32 --> [Trojan.BHO]
Infected: C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll --> [Trojan.BHO]
Infected: C:\Documents and Settings\User\Local Settings\Temp\presetup.exe --> [Trojan.BHO]
Infected: C:\Documents and Settings\User\Desktop\Yong\Red\applications\CheatEngine54.exe --> [Riskware.Tool.CK]
Infected: C:\WINDOWS\bat_starter.exe --> [Trojan.Agent.MNRGen]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|test --> [Trojan.Agent.MNRGen]
Infected: HKLM\SOFTWARE\CLASSES\thunder --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
 
 
*There are still pop-ups on my browser though.


#11 Jo*


Posted 22 May 2014 - 05:19 AM

Hello kennylim20,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


***


Cheers,
Jo


#12 kennylim20


Posted 22 May 2014 - 06:38 AM

Hello Jo,

 

AdwCleaner.exe 

# AdwCleaner v3.210 - Report created 22/05/2014 at 19:09:14

# Updated 19/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : User - USER-72B317D810
# Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Update LemurLeap
[#] Service Deleted : Util LemurLeap
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\baidu
Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Program Files\BearShare Applications
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Delta
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Program Files\LemurLeap
Folder Deleted : C:\Program Files\MediaPlayerV1
Folder Deleted : C:\Program Files\MediaViewerV1
Folder Deleted : C:\Program Files\MediaViewV1
Folder Deleted : C:\Program Files\MediaWatchV1
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\RelevantKnowledge
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\VideoPlayerV3
Folder Deleted : C:\Program Files\WebexpEnhancedV1
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Bundled software uninstaller
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\FilesFrog Update Checker
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\genienext
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\iMesh
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\webplayer
Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\baidu
Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\mt_ffx
Folder Deleted : C:\Documents and Settings\User\Application Data\Application Updater
Folder Deleted : C:\Documents and Settings\User\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\User\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\User\Application Data\baidu
Folder Deleted : C:\Documents and Settings\User\Application Data\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4
Folder Deleted : C:\Documents and Settings\User\Application Data\Delta
Folder Deleted : C:\Documents and Settings\User\Application Data\imeshbandmltbpi
Folder Deleted : C:\Documents and Settings\User\Application Data\newnext.me
Folder Deleted : C:\Documents and Settings\User\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\User\Application Data\searchresultstb
Folder Deleted : C:\Documents and Settings\User\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\User\Application Data\YourFileDownloader
Folder Deleted : C:\Documents and Settings\User\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Documents and Settings\User\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Documents and Settings\User\My Documents\iMesh
Folder Deleted : C:\Documents and Settings\User\My Documents\Mobogenie
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Conduit
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\ffxtlbr@delta.com
[!] Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\Extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi
File Deleted : C:\WINDOWS\system32\Newtabs_v9.dll
File Deleted : C:\Documents and Settings\User\daemonprocess.txt
File Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\User\My Documents\MyPC Backup.lnk
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\searchplugins\iMeshWebSearch.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\user.js
File Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
File Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
File Deleted : C:\WINDOWS\Tasks\EPUpdater.job
File Deleted : C:\WINDOWS\Tasks\YourFile DownloaderUpdate.job
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Documents and Settings\User\Start Menu\Programs\FLV Player\Uninstall.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\4shared Tools
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iMesh
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\d
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481730
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15A0413E-9F45-4D45-9A75-2C20B15B5B51}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{415419C3-DAD0-4DF1-AC37-22C72AD81878}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F386E548-C533-472E-8C61-C026FB14FEA9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{415419C3-DAD0-4DF1-AC37-22C72AD81878}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F6C07882-D703-4DD5-905A-2C4E815A5066}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15A0413E-9F45-4D45-9A75-2C20B15B5B51}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\iMesh Applications\iMesh\iMesh.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\BearShare Applications\BearShare\BearShare.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\iMesh Applications\iMesh\iMesh.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\BaiduP2PService.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\StatReport.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\BaiduPlayer.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Baidu\BaiduPlayer\1.19.0.45\BaiduSetupAx_0.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\All Users\Application Data\Baidu\BaiduPlayer\bdupdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\BearShare Applications\BearShare\BearShare.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\Downloader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\YourFile.exe]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SBConvert
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\MediaPlayerV1
Key Deleted : HKLM\Software\MediaViewerV1
Key Deleted : HKLM\Software\MediaViewV1
Key Deleted : HKLM\Software\MediaWatchV1
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\V9Software
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v6.0.2900.2180
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\prefs.js ]
 
Line Deleted : user_pref("CT2233703.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2233703.CT2501608.CommunityChanged", true);
Line Deleted : user_pref("CT2233703.CT2501609.CommunityChanged", true);
Line Deleted : user_pref("CT2233703.CT2501612.CommunityChanged", true);
Line Deleted : user_pref("CT2233703.CTID", "CT2233703");
Line Deleted : user_pref("CT2233703.CommunitiesChangesLastCheckTime", "Wed Apr 14 2010 21:24:41 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.CommunityChanged", true);
Line Deleted : user_pref("CT2233703.CurrentServerDate", "17-4-2010");
Line Deleted : user_pref("CT2233703.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2233703.EMailNotifierPollDate", "Sat Apr 17 2010 14:15:11 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.FirstServerDate", "25-3-2010");
Line Deleted : user_pref("CT2233703.FirstTime", true);
Line Deleted : user_pref("CT2233703.FirstTimeFF3", true);
Line Deleted : user_pref("CT2233703.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2233703.GroupingLastCheckTime", "Wed Apr 14 2010 21:24:41 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.GroupingLastErrorCode", "");
Line Deleted : user_pref("CT2233703.GroupingLastResponse", true);
Line Deleted : user_pref("CT2233703.GroupingLastServerUpdateTime", "129157245048300000");
Line Deleted : user_pref("CT2233703.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2233703.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2233703.Initialize", true);
Line Deleted : user_pref("CT2233703.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2233703.InstalledDate", "Thu Mar 25 2010 12:08:54 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.InvalidateCache", false);
Line Deleted : user_pref("CT2233703.IsGrouping", false);
Line Deleted : user_pref("CT2233703.IsMulticommunity", false);
Line Deleted : user_pref("CT2233703.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2233703.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2233703.LanguagePackLastCheckTime", "Fri Apr 16 2010 22:10:28 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2233703.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2233703.LastLogin_2.5.6.0", "Sat Apr 17 2010 13:48:55 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.LatestVersion", "2.1.0.18");
Line Deleted : user_pref("CT2233703.Locale", "en");
Line Deleted : user_pref("CT2233703.LoginCache", 4);
Line Deleted : user_pref("CT2233703.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2233703.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2233703.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2233703.RadioIsPodcast", false);
Line Deleted : user_pref("CT2233703.RadioLastCheckTime", "Fri Apr 16 2010 22:10:14 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2233703.RadioLastUpdateServer", "129141247792900000");
Line Deleted : user_pref("CT2233703.RadioMediaID", "11027882");
Line Deleted : user_pref("CT2233703.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2233703.RadioMenuSelectedID", "EBRadioMenu_CT223370311027882");
Line Deleted : user_pref("CT2233703.RadioStationName", "DANCE%20radio");
Line Deleted : user_pref("CT2233703.RadioStationURL", "hxxp://www.abradio.cz/asx/danceradio32.asx");
Line Deleted : user_pref("CT2233703.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2233703.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2233703&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2233703.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2233703.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&q=");
Line Deleted : user_pref("CT2233703.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2233703.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2233703.SearchInNewTabLastCheckTime", "Fri Apr 16 2010 22:10:13 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2233703.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2233703.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT2233703.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2233703.SettingsLastCheckTime", "Sat Apr 17 2010 13:48:52 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.SettingsLastUpdate", "1271243704");
Line Deleted : user_pref("CT2233703.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2233703.ThirdPartyComponentsLastCheck", "Thu Apr 15 2010 16:08:22 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.ThirdPartyComponentsLastUpdate", "1271243704");
Line Deleted : user_pref("CT2233703.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2233703.UserID", "UN59194684698834722");
Line Deleted : user_pref("CT2233703.ValidationData_Search", 1);
Line Deleted : user_pref("CT2233703.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2233703.WeatherNetwork", "");
Line Deleted : user_pref("CT2233703.WeatherPollDate", "Sat Apr 17 2010 14:15:11 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("CT2233703.WeatherUnit", "C");
Line Deleted : user_pref("CT2233703.alertChannelId", "631527");
Line Deleted : user_pref("CT2233703.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Line Deleted : user_pref("CT2233703.clientLogIsEnabled", false);
Line Deleted : user_pref("CT2233703.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2233703.myStuffEnabled", true);
Line Deleted : user_pref("CT2233703.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2233703.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=2&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2233703.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2233703.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2233703.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.labpixies.com/campaigns/youtube/youtube.html", "594x278");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://malaysia.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2233703");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2233703");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Apr 16 2010 22:10:14 GMT+0800 (Malay Peninsula Standard Time)");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=FBDE001D92A287D4&affID=120007&tt=02102013_ctrl1&tsp=5034");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Search The Web");
Line Deleted : user_pref("browser.search.order.1", "Search Results");
Line Deleted : user_pref("browser.search.selectedEngine", "Search The Web");
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100489");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 26);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "fbde418900000000000002004c4f4f50");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15267");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=fbde418900000000000002004c4f4f50&tlver=1.4.35.10&affID=100489");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 26);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.100:26:36");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 79265120);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.100:26:36");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "fbde4189000000000000001d92a287d4");
Line Deleted : user_pref("extensions.delta.instlDay", "15991");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.622:50:01");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=120007&tt=02102013_ctrl1&tsp=5034");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=133&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&apn_uid=3349510604014034&o=APN10641&q=");
Line Deleted : user_pref("speedbitvideodownloader.Var1", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var10", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var2", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var3", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var4", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var5", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var6", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var7", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var8", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var9", "0");
Line Deleted : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "55/15/21/5/112");
Line Deleted : user_pref("speedbitvideodownloader.firstlaunch", "0");
Line Deleted : user_pref("speedbitvideodownloader.guid", "%7BAADB9087-6992-6AE9-50A4-0BB3B323319C%7D");
Line Deleted : user_pref("speedbitvideodownloader.popupblockedcnt", "318");
Line Deleted : user_pref("speedbitvideodownloader.stored_history", "");
Line Deleted : user_pref("speedbitvideodownloader_installed_version", "2.1.2");
 
-\\ Google Chrome v34.0.1847.137
 
[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=133&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3349510604014034&q={searchTerms}
Deleted [Search Provider] : hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=zgametb&v=2_0&ent=ch_6252&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=FBDE001D92A287D4&affID=120007&tt=02102013_ctrl1&tsp=5034
Deleted [Homepage] : hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=FBDE001D92A287D4&affID=120007&tt=02102013_ctrl1&tsp=5034
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : ijblflkdjdopkpdgllkmlbgcffjbnfda
Deleted [Extension] : jlnfdbbladgcmhhamgkioifhbobjaoof
 
*************************
 
AdwCleaner[R0].txt - [39806 octets] - [22/05/2014 11:14:50]
AdwCleaner[R1].txt - [40461 octets] - [22/05/2014 19:08:06]
AdwCleaner[S0].txt - [40243 octets] - [22/05/2014 19:09:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [40304 octets] ##########
 
 
 
***
 
 
Junkware Removal Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by User on Thu 05/22/2014 at 19:20:05.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\getrighttogo"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\youtubedownloader@mybrowserbar.com"
Emptied folder: C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\z1w2f9ro.default\minidumps [11 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/22/2014 at 19:24:07.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
***
 
 
 
OTL
OTL logfile created on: 5/22/2014 7:28:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.20% Memory free
3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 156.26 Gb Total Space | 30.28 Gb Free Space | 19.38% Space Free | Partition Type: NTFS
Drive D: | 141.83 Gb Total Space | 78.26 Gb Free Space | 55.18% Space Free | Partition Type: NTFS
 
Computer Name: USER-72B317D810 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\User\My Documents\Downloads\JRT.exe (Thisisu)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Input Director\InputDirectorSessionHelper.exe ()
PRC - C:\Program Files\Input Director\InputDirector.exe (Imperative Software Pty Ltd)
PRC - C:\Program Files\Input Director\InputDirectorClipboardHelper.exe (Imperative Software Pty Ltd)
PRC - C:\Program Files\Input Director\IDWinService.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Steam\SDL2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll ()
MOD - C:\Program Files\Steam\libavcodec-55.dll ()
MOD - C:\Program Files\Steam\libavutil-53.dll ()
MOD - C:\Program Files\Steam\libavformat-55.dll ()
MOD - C:\Program Files\Steam\libavresample-1.dll ()
MOD - C:\Program Files\Steam\video.dll ()
MOD - C:\Program Files\Steam\libswscale-2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Input Director\InputDirectorSessionHelper.exe ()
MOD - C:\Program Files\Input Director\IDWinService.exe ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (InputDirector) -- C:\Program Files\Input Director\IDWinService.exe ()
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva219) -- C:\WINDOWS\system32\XDva219.sys File not found
DRV - (WDICA) --  File not found
DRV - (SetupNTGLM7X) -- E:\NTGLM7X.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (NTACCESS) -- E:\NTACCESS.sys File not found
DRV - (npkcrypt) -- C:\Program Files\WIZET\MapleStory\npkcrypt.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found
DRV - (glphw) -- System32\drivers\gwuql.sys File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena Messenger\Room\safedrv.sys File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (Changer) --  File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (tStLib) -- C:\WINDOWS\system32\drivers\tStLib.sys (StdLib)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (GarenaPEngine) -- C:\Documents and Settings\User\Local Settings\Temp\HOCC5.tmp ()
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (Mkd2kfNt) -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys (AhnLab, Inc.)
DRV - (Mkd2Nadr) -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (dtscsi) -- C:\WINDOWS\system32\drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "&tn=dealio_dg&wd={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.my/"
FF - prefs.js..extensions.enabledAddons: %7B14323AEE-F6B8-4DC8-BCE3-E62645830585%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7BD394D188-BAC7-4e03-8FAF-389A4D7EC6F4%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B4e38134d-ba98-4066-b898-e296d8acc938%7D:1.0
FF - prefs.js..extensions.enabledAddons: ext%40MediaWatchV1home793.net:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.17
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:5.9
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.9
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Messenger\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/23 14:33:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/28 15:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha5047.net: C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha5047\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta404.net: C:\Program Files\VideoPlayerV3\VideoPlayerV3beta404\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha942.net: C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha942\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewerV1alpha415.net: C:\Program Files\MediaViewerV1\MediaViewerV1alpha415\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewV1alpha606.net: C:\Program Files\MediaViewV1\MediaViewV1alpha606\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewV1alpha6006.net: C:\Program Files\MediaViewV1\MediaViewV1alpha6006\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaWatchV1home793.net: C:\Program Files\MediaWatchV1\MediaWatchV1home793\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaBuzzV1mode670.net: C:\Program Files\MediaBuzzV1\MediaBuzzV1mode670\ff [2014/04/25 23:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@RichMediaViewV1release7147.net: C:\Program Files\RichMediaViewV1\RichMediaViewV1release7147\ff [2014/05/14 23:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/30 21:11:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/15 11:32:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/28 15:09:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2014/01/17 19:31:57 | 000,000,000 | ---D | M]
 
[2014/04/08 23:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/05/22 19:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions
[2010/01/04 21:41:10 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/01/04 21:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2014/03/18 23:21:00 | 000,063,388 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\fbdislike@doweb.fr.xpi
[2012/06/23 12:15:59 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/05/22 19:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/03/30 21:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/30 21:12:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z1W2F9RO.DEFAULT\EXTENSIONS\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z1W2F9RO.DEFAULT\EXTENSIONS\{4E38134D-BA98-4066-B898-E296D8ACC938}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z1W2F9RO.DEFAULT\EXTENSIONS\{D394D188-BAC7-4E03-8FAF-389A4D7EC6F4}.XPI
[2014/04/25 23:02:05 | 000,000,000 | ---D | M] (Media Buzz) -- C:\PROGRAM FILES\MEDIABUZZV1\MEDIABUZZV1MODE670\FF
File not found (No name found) -- C:\PROGRAM FILES\MEDIAWATCHV1\MEDIAWATCHV1HOME793\FF
[2014/05/14 23:02:08 | 000,000,000 | ---D | M] (Rich Media View) -- C:\PROGRAM FILES\RICHMEDIAVIEWV1\RICHMEDIAVIEWV1RELEASE7147\FF
[2008/01/23 14:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Garena Talk Plugin (Enabled) = C:\Program Files\Garena Messenger\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Shopping Suggestion = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejbpjlaagejfakeobljhgplbgklgemll\1.0.0_0\
CHR - Extension: Media Buzz = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gnfnkjcpiacabcojhgihnkglbffeddkl\1.1_0\
CHR - Extension: DVDVideoSoft = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.3.0.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Rich Media View = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nojkmbhlejamildlpaglddkahjaomace\1.1_0\
 
O1 HOSTS File: ([2006/06/22 08:08:24 | 000,000,068 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       gameguard.mapleglobal.com
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Rich Media View) - {8be29f82-b9c2-4bb3-aabf-80e0095914f6} - C:\Program Files\RichMediaViewV1\RichMediaViewV1release7147\ie\RichMediaViewV1release7147.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\MpcStar\Codecs\Real\RCAPlugins\realsched.exe"  -osboot File not found
O4 - HKLM..\Run: [UsageLoader] "C:\Program Files\VLC Player GPU+\UsageLog.exe" File not found
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKCU..\Run: [closethe] C:\DOCUME~1\User\APPLIC~1\TRUSTC~1\Soapokay.exe File not found
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files\Garena Messenger\GarenaMessenger.exe ()
O4 - HKCU..\Run: [InputDirector] C:\Program Files\Input Director\InputDirector.exe (Imperative Software Pty Ltd)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [PPS Accelerator] D:\Program Files\PPStream\ppsap.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: &Download All using 4shared Desktop - D:\Program Files\4shared Desktop\down_all.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O9 - Extra Button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe File not found
O9 - Extra 'Tools' menuitem : Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C84A2057-9CBF-468D-944C-A82D0404A5EE}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/22 18:59:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b7c6171-8950-11de-ba80-001d92a287d4}\Shell\AutoRun\command - "" = H:\Launcher.exe
O33 - MountPoints2\{1fb833ca-7bd0-11dd-bd23-001d92a287d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb833ca-7bd0-11dd-bd23-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1fb833ca-7bd0-11dd-bd23-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
O33 - MountPoints2\{3de76b31-29b2-11de-b9d7-001d92a287d4}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{3de76b31-29b2-11de-b9d7-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3de76b31-29b2-11de-b9d7-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{77cc9b00-78be-11dd-bd1f-001d92a287d4}\Shell - "" = AutoRun
O33 - MountPoints2\{77cc9b00-78be-11dd-bd1f-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77cc9b00-78be-11dd-bd1f-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
O33 - MountPoints2\{7a9fdcd0-2380-11e3-be79-001d92a287d4}\Shell - "" = AutoRun
O33 - MountPoints2\{7a9fdcd0-2380-11e3-be79-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a9fdcd0-2380-11e3-be79-001d92a287d4}\Shell\AutoRun\command - "" = F:\SecureLogin.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\Explore\command - "" = Flash.10.Setup.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\Open\command - "" = Flash.10.Setup.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\Scan for Viruses\command - "" = Scanner.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/22 19:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/05/22 19:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\CyberLink PowerDVD
[2014/05/22 11:25:10 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/22 11:21:42 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/05/22 11:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\mbar
[2014/05/22 11:15:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/05/22 11:14:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/14 23:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\RichMediaViewV1
[2014/05/10 19:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2014/05/09 08:53:36 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2014/05/08 19:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2014/05/08 19:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2014/05/08 19:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2014/05/08 19:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira
[2014/05/04 15:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Job
[2014/05/04 15:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Spoon
[2014/05/04 15:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDFArea
[2014/05/04 15:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFArea
[2014/05/04 13:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan
[2014/05/04 13:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2014/05/04 13:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2014/05/04 13:47:15 | 000,596,000 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPMC211.dll
[2014/05/04 13:45:30 | 000,536,760 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsC211.dll
[2014/05/04 13:45:30 | 000,271,032 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsC211LM.dll
[2014/05/04 13:45:29 | 002,220,216 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkinsC211.exe
[2014/05/04 13:45:29 | 000,222,904 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoiC211.dll
[2014/05/04 13:44:45 | 002,525,368 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_DJ2540.dll
[2014/05/04 13:44:44 | 000,417,464 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_DJ2540.dll
[2014/04/25 23:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\MediaBuzzV1
[2009/09/15 07:27:52 | 285,525,896 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\User\cs16full_v6.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/22 19:20:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/22 19:12:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/22 19:11:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/22 18:48:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/22 16:38:05 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/22 14:00:52 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/05/22 13:53:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2014/05/22 13:47:59 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/05/22 11:21:43 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/05/21 20:40:51 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/05/20 23:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2014/05/20 13:39:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/19 01:59:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/05/19 01:59:07 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/19 00:09:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/05/17 17:35:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/05/14 23:03:05 | 000,001,636 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2014/05/14 22:20:27 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/05/14 22:20:26 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/05/14 12:52:02 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/05/14 10:10:50 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/05/08 21:31:33 | 001,749,534 | ---- | M] () -- C:\Documents and Settings\User\Desktop\warnings.bmp
[2014/05/08 21:31:09 | 001,749,534 | ---- | M] () -- C:\Documents and Settings\User\Desktop\error.bmp
[2014/05/04 18:35:00 | 004,330,851 | ---- | M] () -- C:\Documents and Settings\User\Desktop\certificates2.pdf
[2014/05/04 18:33:01 | 004,883,964 | ---- | M] () -- C:\Documents and Settings\User\Desktop\certificates1.pdf
[2014/05/04 15:32:37 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Image to PDF Converter Free.lnk
[2014/05/04 15:32:37 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Image to PDF Converter Free.lnk
[2014/05/04 14:30:16 | 002,017,461 | ---- | M] () -- C:\Documents and Settings\User\My Documents\1.pdf
[2014/05/04 14:21:12 | 000,436,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CertificateYAO.pdf
[2014/05/04 13:47:51 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2014/05/04 13:47:14 | 000,001,966 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2540 series.lnk
[2014/05/04 13:47:14 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
[2014/05/04 13:45:42 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2014/05/02 11:15:38 | 000,431,251 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Certificate.pdf
[2014/04/29 17:35:58 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
 
========== Files Created - No Company Name ==========
 
[2014/05/08 21:31:32 | 001,749,534 | ---- | C] () -- C:\Documents and Settings\User\Desktop\warnings.bmp
[2014/05/08 21:31:09 | 001,749,534 | ---- | C] () -- C:\Documents and Settings\User\Desktop\error.bmp
[2014/05/04 18:34:56 | 004,330,851 | ---- | C] () -- C:\Documents and Settings\User\Desktop\certificates2.pdf
[2014/05/04 18:32:57 | 004,883,964 | ---- | C] () -- C:\Documents and Settings\User\Desktop\certificates1.pdf
[2014/05/04 15:32:37 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Image to PDF Converter Free.lnk
[2014/05/04 15:32:37 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Image to PDF Converter Free.lnk
[2014/05/04 14:30:14 | 002,017,461 | ---- | C] () -- C:\Documents and Settings\User\My Documents\1.pdf
[2014/05/04 14:21:12 | 000,436,277 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CertificateYAO.pdf
[2014/05/04 13:47:51 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2014/05/04 13:47:14 | 000,001,966 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2540 series.lnk
[2014/05/04 13:47:14 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
[2014/05/04 13:45:42 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2014/05/02 11:33:24 | 000,431,251 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Certificate.pdf
[2014/04/29 17:35:58 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2014/01/31 16:05:06 | 000,001,636 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/12/22 01:14:01 | 000,595,618 | ---- | C] () -- C:\WINDOWS\libcurl-4.dll
[2013/12/22 01:14:01 | 000,031,232 | ---- | C] () -- C:\WINDOWS\cmdow.exe
[2013/11/07 10:46:12 | 000,000,052 | ---- | C] () -- C:\WINDOWS\SW_Win9423X24.DLL
[2013/11/07 10:46:02 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2013/11/07 10:46:02 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2013/11/07 10:46:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2013/11/07 10:46:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2013/03/31 18:29:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\ŸcŸc
[2012/10/16 17:35:38 | 000,000,138 | ---- | C] () -- C:\WINDOWS\vsfilter.INI
[2012/07/13 14:55:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\٬٬
[2011/10/21 01:21:12 | 000,005,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\knmesfut.gey
[2011/06/24 16:08:47 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room_v3.dat
[2011/06/23 14:46:27 | 000,447,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/21 11:41:20 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe GIF Format CS5 Prefs
[2011/03/26 17:01:35 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\User\pool.bin
[2009/09/15 07:28:07 | 009,164,711 | ---- | C] () -- C:\Documents and Settings\User\cs16-bots.zip
[2009/09/07 15:34:14 | 000,200,846 | ---- | C] () -- C:\Program Files\RuntimeSetup.exe
[2009/09/07 15:34:14 | 000,001,068 | ---- | C] () -- C:\Program Files\runtimesetup.ini
[2009/09/07 15:34:08 | 002,156,598 | ---- | C] () -- C:\Program Files\1.bmp
[2008/11/23 15:47:02 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\User\default.pls
[2008/10/21 14:32:06 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2008/08/23 18:54:16 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2008/12/02 13:37:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/03/10 13:21:20 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 18:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4240575B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C9FE0C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
 
< End of report >


#13 kennylim20


Posted 22 May 2014 - 06:40 AM

Hello Jo,

 

There are still unallowed pop-ups on my browser.

 

I think it did reduce though.



#14 Jo*


Posted 22 May 2014 - 07:06 AM

Hello kennylim20,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
    
    :Commands
    [RESETHOSTS]
    [purity]
    [emptytemp]
    


    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fix log.

***


Run OTL again.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
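
The Internet Settings proxy values that the fix script in the post above targets can be checked in an OTL log before and after the fix. The following is an added example, not part of the original post and not OTL's own code: the function names are hypothetical, the first two samples reuse log lines from this thread, and the third sample is constructed.

```python
import re

# One 'IE - <hive>\...\Internet Settings: "<name>" = <value>' line of an OTL log.
SETTING_RE = re.compile(
    r'^IE - (?P<hive>[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$',
    re.IGNORECASE | re.MULTILINE,
)
# host[:port] entry that points at the local machine, optionally "http=" prefixed.
LOOPBACK_RE = re.compile(
    r'^(?:[a-z]+=)?(?:[a-z]+://)?(?:127(?:\.\d{1,3}){3}|localhost|\[::1\])(?::\d+)?$',
    re.IGNORECASE,
)


def parse_proxy_settings(log_text):
    """Return {(hive, lowercased value name): value} for Internet Settings lines."""
    settings = {}
    for m in SETTING_RE.finditer(log_text):
        key = (m.group("hive").upper(), m.group("name").lower())
        settings[key] = m.group("value").strip()
    return settings


def loopback_entries(value):
    """Entries of a ';'-separated proxy list that point at the local machine."""
    parts = (p.strip() for p in value.split(";"))
    return [e for e in parts if LOOPBACK_RE.match(e)]


def review(log_text):
    """Return (hive, value name, finding) tuples that deserve a second look."""
    settings = parse_proxy_settings(log_text)
    findings = []
    for (hive, name), value in sorted(settings.items()):
        # A loopback host:port in either list is a trace of a local proxy.
        if name in ("proxyserver", "proxyoverride"):
            for entry in loopback_entries(value):
                findings.append((hive, name, "loopback entry " + entry))
        # An enabled proxy on loopback means browser traffic passes through
        # a process running on this machine.
        if name == "proxyenable" and value == "1":
            server = settings.get((hive, "proxyserver"), "")
            if loopback_entries(server):
                findings.append((hive, name, "proxy enabled and pointing at " + server))
    return findings


# Lines listed in the fix script posted in this thread.
BEFORE_FIX = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
'''

# Lines from the follow-up scan posted after the fix was run.
AFTER_FIX = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
'''

# Constructed sample (not from this thread): an enabled proxy on loopback.
CONSTRUCTED_ENABLED = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=127.0.0.1:8080
'''

if __name__ == "__main__":
    for label, text in (("before fix", BEFORE_FIX),
                        ("after fix", AFTER_FIX),
                        ("constructed", CONSTRUCTED_ENABLED)):
        print(label)
        for finding in review(text) or [("-", "-", "nothing flagged")]:
            print("   ", *finding)
```
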


#15 kennylim20


Posted 22 May 2014 - 08:24 AM

Hello Jo,

 

First OTL

All processes killed

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56543 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56543 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 107928 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 904003612 bytes
 
User: User
->Temp folder emptied: 4463726984 bytes
->Temporary Internet Files folder emptied: 38595234 bytes
->Java cache emptied: 60769353 bytes
->FireFox cache emptied: 84655234 bytes
->Google Chrome cache emptied: 139443613 bytes
->Apple Safari cache emptied: 21340160 bytes
->Flash cache emptied: 58962 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109957374 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 315938183 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3495311314 bytes
 
Total Files Cleaned = 9,188.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05222014_201716
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
 
***
 
 
Second OTL
OTL logfile created on: 5/22/2014 9:01:49 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.55% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 156.26 Gb Total Space | 36.36 Gb Free Space | 23.27% Space Free | Partition Type: NTFS
Drive D: | 141.83 Gb Total Space | 81.34 Gb Free Space | 57.35% Space Free | Partition Type: NTFS
 
Computer Name: USER-72B317D810 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\User\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Input Director\InputDirectorSessionHelper.exe ()
PRC - C:\Program Files\Input Director\InputDirector.exe (Imperative Software Pty Ltd)
PRC - C:\Program Files\Input Director\InputDirectorClipboardHelper.exe (Imperative Software Pty Ltd)
PRC - C:\Program Files\Input Director\IDWinService.exe ()
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll ()
MOD - C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Input Director\InputDirectorSessionHelper.exe ()
MOD - C:\Program Files\Input Director\IDWinService.exe ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Resources.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\unrar.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (InputDirector) -- C:\Program Files\Input Director\IDWinService.exe ()
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva219) -- C:\WINDOWS\system32\XDva219.sys File not found
DRV - (WDICA) --  File not found
DRV - (SetupNTGLM7X) -- E:\NTGLM7X.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (NTACCESS) -- E:\NTACCESS.sys File not found
DRV - (npkcrypt) -- C:\Program Files\WIZET\MapleStory\npkcrypt.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found
DRV - (glphw) -- System32\drivers\gwuql.sys File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena Messenger\Room\safedrv.sys File not found
DRV - (GarenaPEngine) -- C:\DOCUME~1\User\LOCALS~1\Temp\HOCC5.tmp File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (Changer) --  File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (tStLib) -- C:\WINDOWS\system32\drivers\tStLib.sys (StdLib)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (Mkd2kfNt) -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys (AhnLab, Inc.)
DRV - (Mkd2Nadr) -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (dtscsi) -- C:\WINDOWS\system32\drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "&tn=dealio_dg&wd={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.my/"
FF - prefs.js..extensions.enabledAddons: %7B14323AEE-F6B8-4DC8-BCE3-E62645830585%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7BD394D188-BAC7-4e03-8FAF-389A4D7EC6F4%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B4e38134d-ba98-4066-b898-e296d8acc938%7D:1.0
FF - prefs.js..extensions.enabledAddons: ext%40MediaWatchV1home793.net:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.17
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:5.9
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.9
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Messenger\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/23 14:33:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/28 15:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha5047.net: C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha5047\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta404.net: C:\Program Files\VideoPlayerV3\VideoPlayerV3beta404\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha942.net: C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha942\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewerV1alpha415.net: C:\Program Files\MediaViewerV1\MediaViewerV1alpha415\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewV1alpha606.net: C:\Program Files\MediaViewV1\MediaViewV1alpha606\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaViewV1alpha6006.net: C:\Program Files\MediaViewV1\MediaViewV1alpha6006\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaWatchV1home793.net: C:\Program Files\MediaWatchV1\MediaWatchV1home793\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@MediaBuzzV1mode670.net: C:\Program Files\MediaBuzzV1\MediaBuzzV1mode670\ff [2014/04/25 23:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@RichMediaViewV1release7147.net: C:\Program Files\RichMediaViewV1\RichMediaViewV1release7147\ff [2014/05/14 23:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/30 21:11:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/15 11:32:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/28 15:09:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2014/01/17 19:31:57 | 000,000,000 | ---D | M]
 
[2014/04/08 23:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/05/22 19:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions
[2010/01/04 21:41:10 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/01/04 21:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2014/03/18 23:21:00 | 000,063,388 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\fbdislike@doweb.fr.xpi
[2012/06/23 12:15:59 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\z1w2f9ro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/05/22 19:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/03/30 21:11:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/30 21:12:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z1W2F9RO.DEFAULT\EXTENSIONS\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z1W2F9RO.DEFAULT\EXTENSIONS\{4E38134D-BA98-4066-B898-E296D8ACC938}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z1W2F9RO.DEFAULT\EXTENSIONS\{D394D188-BAC7-4E03-8FAF-389A4D7EC6F4}.XPI
[2014/04/25 23:02:05 | 000,000,000 | ---D | M] (Media Buzz) -- C:\PROGRAM FILES\MEDIABUZZV1\MEDIABUZZV1MODE670\FF
File not found (No name found) -- C:\PROGRAM FILES\MEDIAWATCHV1\MEDIAWATCHV1HOME793\FF
[2014/05/14 23:02:08 | 000,000,000 | ---D | M] (Rich Media View) -- C:\PROGRAM FILES\RICHMEDIAVIEWV1\RICHMEDIAVIEWV1RELEASE7147\FF
[2008/01/23 14:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Garena Talk Plugin (Enabled) = C:\Program Files\Garena Messenger\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Shopping Suggestion = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejbpjlaagejfakeobljhgplbgklgemll\1.0.0_0\
CHR - Extension: Media Buzz = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gnfnkjcpiacabcojhgihnkglbffeddkl\1.1_0\
CHR - Extension: DVDVideoSoft = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.3.0.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Rich Media View = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nojkmbhlejamildlpaglddkahjaomace\1.1_0\
 
O1 HOSTS File: ([2014/05/22 20:17:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Rich Media View) - {8be29f82-b9c2-4bb3-aabf-80e0095914f6} - C:\Program Files\RichMediaViewV1\RichMediaViewV1release7147\ie\RichMediaViewV1release7147.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\MpcStar\Codecs\Real\RCAPlugins\realsched.exe"  -osboot File not found
O4 - HKLM..\Run: [UsageLoader] "C:\Program Files\VLC Player GPU+\UsageLog.exe" File not found
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray File not found
O4 - HKCU..\Run: [closethe] C:\DOCUME~1\User\APPLIC~1\TRUSTC~1\Soapokay.exe File not found
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files\Garena Messenger\GarenaMessenger.exe ()
O4 - HKCU..\Run: [InputDirector] C:\Program Files\Input Director\InputDirector.exe (Imperative Software Pty Ltd)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [PPS Accelerator] D:\Program Files\PPStream\ppsap.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: &Download All using 4shared Desktop - D:\Program Files\4shared Desktop\down_all.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O9 - Extra Button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe File not found
O9 - Extra 'Tools' menuitem : Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C84A2057-9CBF-468D-944C-A82D0404A5EE}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/22 18:59:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b7c6171-8950-11de-ba80-001d92a287d4}\Shell\AutoRun\command - "" = H:\Launcher.exe
O33 - MountPoints2\{1fb833ca-7bd0-11dd-bd23-001d92a287d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb833ca-7bd0-11dd-bd23-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1fb833ca-7bd0-11dd-bd23-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
O33 - MountPoints2\{3de76b31-29b2-11de-b9d7-001d92a287d4}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{3de76b31-29b2-11de-b9d7-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3de76b31-29b2-11de-b9d7-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{77cc9b00-78be-11dd-bd1f-001d92a287d4}\Shell - "" = AutoRun
O33 - MountPoints2\{77cc9b00-78be-11dd-bd1f-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77cc9b00-78be-11dd-bd1f-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
O33 - MountPoints2\{7a9fdcd0-2380-11e3-be79-001d92a287d4}\Shell - "" = AutoRun
O33 - MountPoints2\{7a9fdcd0-2380-11e3-be79-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a9fdcd0-2380-11e3-be79-001d92a287d4}\Shell\AutoRun\command - "" = F:\SecureLogin.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\Explore\command - "" = Flash.10.Setup.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\Open\command - "" = Flash.10.Setup.exe
O33 - MountPoints2\{8b02846c-79a2-11dd-bd21-001d92a287d4}\Shell\Scan for Viruses\command - "" = Scanner.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/22 20:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\CyberLink PowerDVD
[2014/05/22 20:17:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/22 19:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/05/22 11:25:10 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/22 11:21:42 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/05/22 11:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\mbar
[2014/05/22 11:15:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/05/22 11:14:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/14 23:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\RichMediaViewV1
[2014/05/10 19:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2014/05/09 08:53:36 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2014/05/08 19:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2014/05/08 19:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2014/05/08 19:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2014/05/08 19:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira
[2014/05/04 15:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Job
[2014/05/04 15:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Spoon
[2014/05/04 15:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDFArea
[2014/05/04 15:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFArea
[2014/05/04 13:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan
[2014/05/04 13:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2014/05/04 13:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2014/05/04 13:47:15 | 000,596,000 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPMC211.dll
[2014/05/04 13:45:30 | 000,536,760 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsC211.dll
[2014/05/04 13:45:30 | 000,271,032 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsC211LM.dll
[2014/05/04 13:45:29 | 002,220,216 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkinsC211.exe
[2014/05/04 13:45:29 | 000,222,904 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoiC211.dll
[2014/05/04 13:44:45 | 002,525,368 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_DJ2540.dll
[2014/05/04 13:44:44 | 000,417,464 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_DJ2540.dll
[2014/04/25 23:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\MediaBuzzV1
[2009/09/15 07:27:52 | 285,525,896 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\User\cs16full_v6.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/22 20:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/22 20:40:48 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/05/22 20:20:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/22 20:20:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/22 20:17:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/05/22 19:20:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/22 16:38:05 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/22 14:00:52 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/05/22 13:53:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2014/05/22 13:47:59 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/05/22 11:21:43 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/05/20 23:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2014/05/20 13:39:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/19 01:59:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/05/19 01:59:07 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/19 00:09:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/05/17 17:35:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/05/14 23:03:05 | 000,001,636 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2014/05/14 22:20:27 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/05/14 22:20:26 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/05/14 12:52:02 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/05/14 10:10:50 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/05/08 21:31:33 | 001,749,534 | ---- | M] () -- C:\Documents and Settings\User\Desktop\warnings.bmp
[2014/05/08 21:31:09 | 001,749,534 | ---- | M] () -- C:\Documents and Settings\User\Desktop\error.bmp
[2014/05/04 18:35:00 | 004,330,851 | ---- | M] () -- C:\Documents and Settings\User\Desktop\certificates2.pdf
[2014/05/04 18:33:01 | 004,883,964 | ---- | M] () -- C:\Documents and Settings\User\Desktop\certificates1.pdf
[2014/05/04 15:32:37 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Image to PDF Converter Free.lnk
[2014/05/04 15:32:37 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Image to PDF Converter Free.lnk
[2014/05/04 14:30:16 | 002,017,461 | ---- | M] () -- C:\Documents and Settings\User\My Documents\1.pdf
[2014/05/04 14:21:12 | 000,436,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CertificateYAO.pdf
[2014/05/04 13:47:51 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2014/05/04 13:47:14 | 000,001,966 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2540 series.lnk
[2014/05/04 13:47:14 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
[2014/05/04 13:45:42 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2014/05/02 11:15:38 | 000,431,251 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Certificate.pdf
[2014/04/29 17:35:58 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
 
========== Files Created - No Company Name ==========
 
[2014/05/08 21:31:32 | 001,749,534 | ---- | C] () -- C:\Documents and Settings\User\Desktop\warnings.bmp
[2014/05/08 21:31:09 | 001,749,534 | ---- | C] () -- C:\Documents and Settings\User\Desktop\error.bmp
[2014/05/04 18:34:56 | 004,330,851 | ---- | C] () -- C:\Documents and Settings\User\Desktop\certificates2.pdf
[2014/05/04 18:32:57 | 004,883,964 | ---- | C] () -- C:\Documents and Settings\User\Desktop\certificates1.pdf
[2014/05/04 15:32:37 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Image to PDF Converter Free.lnk
[2014/05/04 15:32:37 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Image to PDF Converter Free.lnk
[2014/05/04 14:30:14 | 002,017,461 | ---- | C] () -- C:\Documents and Settings\User\My Documents\1.pdf
[2014/05/04 14:21:12 | 000,436,277 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CertificateYAO.pdf
[2014/05/04 13:47:51 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2014/05/04 13:47:25 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2014/05/04 13:47:14 | 000,001,966 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2540 series.lnk
[2014/05/04 13:47:14 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
[2014/05/04 13:45:42 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2014/05/02 11:33:24 | 000,431,251 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Certificate.pdf
[2014/04/29 17:35:58 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2014/01/31 16:05:06 | 000,001,636 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/12/22 01:14:01 | 000,595,618 | ---- | C] () -- C:\WINDOWS\libcurl-4.dll
[2013/12/22 01:14:01 | 000,031,232 | ---- | C] () -- C:\WINDOWS\cmdow.exe
[2013/11/07 10:46:12 | 000,000,052 | ---- | C] () -- C:\WINDOWS\SW_Win9423X24.DLL
[2013/11/07 10:46:02 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2013/11/07 10:46:02 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2013/11/07 10:46:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2013/11/07 10:46:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2013/03/31 18:29:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\ŸcŸc
[2012/10/16 17:35:38 | 000,000,138 | ---- | C] () -- C:\WINDOWS\vsfilter.INI
[2012/07/13 14:55:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\٬٬
[2011/10/21 01:21:12 | 000,005,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\knmesfut.gey
[2011/06/24 16:08:47 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room_v3.dat
[2011/06/23 14:46:27 | 000,447,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/21 11:41:20 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe GIF Format CS5 Prefs
[2011/03/26 17:01:35 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\User\pool.bin
[2009/09/15 07:28:07 | 009,164,711 | ---- | C] () -- C:\Documents and Settings\User\cs16-bots.zip
[2009/09/07 15:34:14 | 000,200,846 | ---- | C] () -- C:\Program Files\RuntimeSetup.exe
[2009/09/07 15:34:14 | 000,001,068 | ---- | C] () -- C:\Program Files\runtimesetup.ini
[2009/09/07 15:34:08 | 002,156,598 | ---- | C] () -- C:\Program Files\1.bmp
[2008/11/23 15:47:02 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\User\default.pls
[2008/10/21 14:32:06 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2008/08/23 18:54:16 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2008/12/02 13:37:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/03/10 13:21:20 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 18:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 00:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4240575B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C9FE0C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
 
< End of report >
 
 
 
***
 
 
Currently there are fewer pop-ups, but when I click something, another tab (advertisement) will pop up.




