Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

How To Fix Fake Windows Hard Drive Error Message

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

How To Fix Fake Windows Hard Drive Error Message

Unread postby leaguemaster91 » January 31st, 2012, 11:35 pm

Recently, i keep getting popup windows which says:
"Windows detected a hard disk problem
Backup your files immediately to prevent information loss, and then contact the computer manufacturer to determine if you need to repair or replace the disk." A red cross also appears on my system tray along with the popup alert.

However, besides the problem stated above, my computer has been running normally as usual. There was absolutely no compromise in my pc performance. I have also checked the status of my hard drive in the control panel and it says that everything is performing normally.

Did several malware scans of my pc using Windows Security Essentials and MalwareBytes but both reported similar results: No threats found. Thats when i read on some forums that this could be a fake error message caused by some malware which are able to conceal their prescence during scans.

But, when i used "SeaTools for DOS" on my SATA harddisk, it reported a "FAIL" status. Other than this report, it offered no help to my current problem.
I also did a scan using 'Hijackthis' software and it generated a log which i have no idea how to interpret it.

Below is my DDS.txt and Attach.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by TAN at 10:59:53 on 2012-02-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.65.1033.18.2814.1917 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Users\TAN\AppData\Roaming\Maxthon2\Modules\MxKWS\KSWebShield.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\DFDWiz.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\TAN\AppData\Roaming\Maxthon2\Modules\MxKWS\KSWebShield.exe
C:\Users\TAN\AppData\Roaming\Maxthon2\Modules\MxKWS\kwstray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAP\DAP.exe
C:\Users\TAN\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.hao123.com/?tn=62002018_3_hao_pg
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PIPI Link Helper: {1a3440c6-f123-4cab-84ee-c814e1ae0d8f} - c:\users\tan\appdata\roaming\pipi\JfCheck.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: QuickNet: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - QuickNet BHO
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
StartupFolder: c:\users\tan\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tan\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: ????3?? - c:\users\tan\appdata\roaming\flashgetbho\GetUrl.htm
IE: ????3?????? - c:\users\tan\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: ???????? - c:\flashget network\flashget mini\GetUrl.htm
IE: ???????????? - c:\flashget network\flashget mini\GetAllUrl.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: kuaiche.com\software
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{60640B01-D8CD-400A-A38B-BC5F8EEE2709} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{60640B01-D8CD-400A-A38B-BC5F8EEE2709} : DhcpNameServer = 192.168.1.254
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tan\appdata\roaming\mozilla\firefox\profiles\x6ub1f58.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\mozilla firefox\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-28 6656]
R2 Kingsoft Antivirus WebShield Service;Kingsoft Antivirus WebShield Service;c:\users\tan\appdata\roaming\maxthon2\modules\mxkws\kswebshield.exe [2011-5-29 394648]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-29 652872]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-29 20464]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-1-20 80184]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-26 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-20 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-1 15872]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-2 83496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-1-20 181432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-01-31 09:58:20 388096 ----a-r- c:\users\tan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-31 09:58:19 -------- d-----w- c:\program files\Trend Micro
2012-01-31 04:04:46 -------- d-----w- c:\program files\Seagate
2012-01-31 03:26:13 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-01-31 03:26:04 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{be3c84c5-467a-4ac8-a5d0-e976656bbc22}\mpengine.dll
2012-01-30 04:51:57 -------- d-----w- c:\users\tan\.areca
2012-01-30 04:51:43 -------- d-----w- c:\program files\Areca
2012-01-30 04:01:26 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-01-30 03:45:12 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-30 03:45:12 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-30 03:45:12 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-30 03:45:12 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-30 03:45:11 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-30 03:45:11 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-30 03:45:11 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-30 03:45:11 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-30 03:45:11 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-30 03:45:11 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-30 02:56:53 -------- d-----w- c:\users\tan\appdata\roaming\HD Tune Pro
2012-01-30 02:56:47 -------- d-----w- c:\program files\HD Tune Pro
2012-01-29 14:46:40 -------- d-----w- c:\programdata\mcache
2012-01-29 14:17:09 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1c1649ab-920e-4701-963c-2444e7e7e55e}\gapaengine.dll
2012-01-29 14:15:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-29 13:05:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-29 13:05:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-29 04:31:19 -------- d-----w- c:\users\tan\appdata\roaming\Malwarebytes
2012-01-29 04:31:15 -------- d-----w- c:\programdata\Malwarebytes
2012-01-28 03:43:35 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ea4656de-a41f-4ba0-bad2-b320461b76dc}\mpengine.dll
2012-01-26 04:18:02 -------- d-----w- c:\windows\system32\Adobe
2012-01-20 12:21:27 -------- d-----w- C:\KwDownload
2012-01-20 12:21:22 -------- d-----w- c:\program files\KWMUSIC
2012-01-20 06:43:49 -------- d-----w- c:\users\tan\appdata\local\doubleTwist Corporation
2012-01-20 06:43:41 -------- d-----w- c:\program files\common files\doubleTwist
2012-01-20 06:39:09 -------- d-----w- c:\program files\doubleTwist 2.0
2012-01-20 05:07:30 -------- d-----w- c:\users\tan\appdata\roaming\Temp
2012-01-20 04:24:19 -------- d-----w- c:\users\tan\appdata\local\Samsung
2012-01-20 04:22:08 80184 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-01-20 04:22:08 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-01-20 04:22:08 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-01-20 04:22:08 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-01-20 04:15:02 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-01-20 04:14:13 -------- d-----w- c:\program files\MarkAny
2012-01-20 04:14:12 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-01-20 04:13:39 -------- d-----w- c:\programdata\Samsung
2012-01-20 04:13:39 -------- d-----w- c:\program files\Samsung
2012-01-20 04:11:53 -------- d-----w- c:\users\tan\appdata\local\Downloaded Installations
2012-01-14 04:06:29 -------- d-----w- c:\program files\iTunes
2012-01-14 04:06:29 -------- d-----w- c:\program files\iPod
2012-01-14 03:58:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2012-01-14 03:58:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2012-01-14 03:58:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2012-01-14 03:58:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2012-01-14 03:58:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2012-01-14 03:58:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2012-01-14 03:58:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2012-01-12 05:59:40 -------- d-----w- c:\users\tan\appdata\roaming\OverDrive
2012-01-11 02:59:41 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 02:59:40 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 02:59:39 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 02:59:39 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-07 04:18:46 -------- d-----w- c:\users\tan\appdata\local\DDMSettings
2012-01-05 04:05:56 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-05 04:05:56 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-05 04:05:56 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-05 04:05:56 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-03 05:26:14 -------- d-----w- c:\users\tan\appdata\local\Cranium
2012-01-03 04:14:40 -------- d-----w- c:\program files\WinSCP
2012-01-03 00:22:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-28 14:20:02 0 --sha-w- c:\windows\mtn3.exe
2012-01-28 14:15:01 0 --sha-w- c:\windows\mtn3270.exe
2012-01-28 14:10:02 0 --sha-w- c:\windows\svcsvh32.exe
2012-01-27 14:00:01 0 --sha-w- c:\windows\pdesrv2.exe
2012-01-26 12:09:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 09:26:22 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-11 10:50:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-11 10:50:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 11:00:36.90 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2009 PM 8:37:50
System Uptime: 1/2/2012 AM 10:29:26 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GT-UD3H
Processor: AMD Athlon(tm) II X4 620 Processor | Socket M2 | 1898/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 457.909 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: KAVSafe
Device ID: ROOT\LEGACY_KAVSAFE\0000
Manufacturer:
Name: KAVSafe
PNP Device ID: ROOT\LEGACY_KAVSAFE\0000
Service: KAVSafe
.
==== System Restore Points ===================
.
RP515: 30/1/2012 PM 1:51:52 - Windows Backup
RP517: 30/1/2012 PM 2:19:05 - Windows Backup
RP518: 30/1/2012 PM 7:03:47 - Removed Image Resizer Powertoy Clone for Windows
RP519: 31/1/2012 PM 12:04:32 - Installed SeaTools for Windows
RP520: 31/1/2012 PM 12:25:43 - Windows Update
RP521: 31/1/2012 PM 5:57:40 - Installed HiJackThis
RP522: 1/2/2012 AM 12:29:00 - Windows Update
RP523: 1/2/2012 AM 10:33:25 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
????
??????? 2.3
µTorrent
AC3Filter 1.63b
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
Adobe® Photoshop® Album Starter Edition 3.0
Any Video Converter 3.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bass Audio Decoder (remove only)
Bonjour
calibre
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner
Combined Community Codec Pack 2009-09-09
CX4300_5500_DX4400 manual
D3DX10
DCoder Image Source (remove only)
DivX Setup
doubleTwist
Download Accelerator Plus (DAP)
Dropbox
DScaler 5 Mpeg Decoders
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
Gabest MPEG Splitter (remove only)
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iPhoneBrowser
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.0.1800
Media Player Classic - Home Cinema v1.5.2.3456
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC100_CRT_SP1_x86
Mobipocket Creator 4.2
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla Firefox 9.0.1 (x86 en-US)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 8 Micro
Nokia Connectivity Cable Driver
NVIDIA PhysX
OpenSource DTS/AC3/DD+ Source Filter (remove only)
Pando Media Booster
PC Connectivity Solution
Pokemon Online 1.0.21
PowerISO
Pro Evolution Soccer 2012
QuickTime
RealMedia (remove only)
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.1
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SHOUTcast Source (remove only)
Sothink Video Converter
SUPER © Version 2010.bld.38 (May 2, 2010)
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Upload Tool
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Movie Maker 2.6
WinRAR 4.01 (32-bit)
WinSCP 4.3.6
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
31/1/2012 PM 8:33:44, Error: bowser [8003] - The master browser has received a server announcement from the computer FUJITSU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{60640B01-D8CD-400A-A38B-BC5F8EEE27. The master browser is stopping or an election is being forced.
31/1/2012 PM 12:34:46, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
30/1/2012 PM 7:50:21, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
30/1/2012 PM 12:04:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
30/1/2012 AM 10:21:44, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/1/2012 PM 9:06:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache kl1 KLIF SCDEmu spldr Wanarpv6
29/1/2012 PM 4:24:56, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
29/1/2012 PM 4:24:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
29/1/2012 PM 4:24:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
29/1/2012 PM 4:24:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache kl1 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
29/1/2012 PM 4:24:33, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/1/2012 PM 4:24:33, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/1/2012 PM 4:24:33, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
29/1/2012 PM 4:24:33, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/1/2012 PM 4:24:33, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/1/2012 PM 4:24:33, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
29/1/2012 PM 4:24:33, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/1/2012 PM 4:24:33, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/1/2012 PM 4:24:33, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/1/2012 PM 4:24:33, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/1/2012 PM 2:30:40, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
29/1/2012 PM 2:18:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
29/1/2012 PM 2:11:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
29/1/2012 PM 12:12:10, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.
29/1/2012 PM 11:51:46, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/1/2012 PM 11:50:24, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
29/1/2012 PM 11:43:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
29/1/2012 PM 11:43:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
29/1/2012 PM 11:43:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/1/2012 PM 11:43:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
29/1/2012 PM 11:43:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SCDEmu spldr Wanarpv6
28/1/2012 AM 11:35:57, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Kaspersky Internet Security service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
28/1/2012 AM 11:35:57, Error: Service Control Manager [7031] - The Kaspersky Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/2/2012 AM 10:30:08, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/2/2012 AM 10:29:43, Error: Service Control Manager [7000] - The KAVSafe service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

Thanks alot in advance.
leaguemaster91
Active Member
 
Posts: 9
Joined: January 31st, 2012, 6:12 am
Advertisement
Register to Remove

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby mambass » February 2nd, 2012, 10:25 am

Hi leaguemaster91, :)

Welcome to the forum.

My nickname is mambass and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.

  1. If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. Please read all instructions carefully before executing them and perform the steps in the order given.
    lf you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
  4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
  5. You must have Administrator rights permissions for this computer.
  6. DO NOT run any other fix or removal tools unless instructed to do so!
  7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  9. Only reply to this thread. Do not start another thread.
  10. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
  12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
  13. The logs I request can take a while to research so please be patient.
  14. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side you will have two people working together to resolve your malware issues.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.

Because of this I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer

-----------------------------------------------------------

I am currently reviewing your log and will return as soon as possible with additional instructions.

Thanks,

mambass
User avatar
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby leaguemaster91 » February 2nd, 2012, 12:03 pm

Ok sure. Just ordered an external harddisk today. Will be collecting it this coming monday and then i will do my system backup. Thanks in advance anyway.
leaguemaster91
Active Member
 
Posts: 9
Joined: January 31st, 2012, 6:12 am

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby mambass » February 4th, 2012, 8:08 am

Hi leaguemaster91, :)

  1. P2P Program Policy Violation

    The following P2P (Peer to Peer) program appear to be installed on your computer:
    uTorrent

    Please note whenever you use any form of P2P networking to download files you can anticipate infestations of malware to occur.
    P2P file sharing used to be fairly safe. This is no longer true. Continue to use P2P sharing at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

    References citing the risk factors of using P2P programs:
    How to boost your malware defense and protect your PC
    How to Prevent the Online Invasion of Spyware and Adware

    I can offer you no further assistance as long as you have the P2P program installed, per Malware Removal Forum Policy.

    I strongly recommend that you uninstall the program identified above
    however that choice is up to you.
    • If you choose NOT to remove this program, please indicate that in your next reply and ignore the remaining steps.
    • If you choose to remove this program then perform the following steps:
      1. Click Start > Control Panel and then click on Programs and Features.
      2. Right-click the uTorrent entry, choose Uninstall/Change and give permission to Continue
      3. Reboot (restart) your computer.

  2. MGADiag
    1. Click here to download MGADiag.exe from Microsoft and save it to your Desktop.
    2. Right-click on MGADiag.exe and select Run As Administrator to run it.
    3. Click Continue. The program will run. It takes a while to finish the diagnosis, please be patient.
    4. Click the Copy button once the scan is done.
    5. Open Notepad and paste the contents in its window.
    6. Save this file and post it in your next reply.

  3. CKScanner
    1. Click here to download CKScanner © askey127 and save to your Desktop.
    2. Right-click on CKScanner.exe, select Run As Administrator and then click Search For Files.
      Note: It's important that you run this program only one time.
    3. Click Save List To File after a very short time when the cursor hourglass disappears.
    4. Click OK when prompted.
    5. Post the contents of file ckfiles.txt on your Desktop in your reply.

  4. WVCheck
    1. Click here to download WVCheck.exe and save it to your Desktop.
    2. Right-click WVCheck.exe and select Run As Administrator to run the program.
    3. Read the comments on the screen and then press Enter.
      The scan can take a while, depending on the size of your hard drive.
    4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
    5. Please copy and paste the contents of the Notepad scan report in your next reply.

  5. Explanation of how computer is used & MS Office
    Please let me know if this computer is used for business purposes and how Microsoft Office Enterprise 2007 came to be installed.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the MGADiag log.
  3. The contents of the CKScanner log.
  4. The contents of the WVCheck log.
  5. The answer to the question concerning usage & MS Office Enterprise 2007.


mambass
User avatar
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby leaguemaster91 » February 5th, 2012, 12:58 am

hi mambass,

I have already uninstalled my utorrent. However, i can't seem to run WVCheck. Whenever i tried to run it, a black window just pops up suddenly and disappears almost immediately.
Below are my MGADiag and CKScanner logs as instructed:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {E945FCF6-C694-4BD8-A953-10E96A41BD9E}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.111025-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E945FCF6-C694-4BD8-A953-10E96A41BD9E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3686890305-2745552844-346922765</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>GA-MA785GT-UD3H</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F3</Version><SMBIOSVersion major="2" minor="4"/><Date>20090916000000.000000+000</Date></BIOS><HWID>49203307018400F2</HWID><UserLCID>1004</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-18441-7600.0000-3452009
Installation ID: 014871086942151716403310340956556996829194070482955441
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 5/2/2012 PM 12:23:26

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 2:1:2012 17:07
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEABAABAAEAAAACAAAAAQABAAEAeqjaj6gYVPIQM+CoGIhmU8S46kUqz1ZvQho=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
SSDT PTLTD POWERNOW
TAMG GBT GBT B0
SLIC ACRSYS ACRPRDCT


-----------------End of MGADiag log---------------------


CKScanner - Additional Security Risks - These are not necessarily bad
c:\programdata\microsoft\windows\wer\reportarchive\apphang_nero 8 keygen.ex_dadc54ac5241a4484ce5a39540bbdf7221edaf11_0e95da76\report.wer
c:\users\tan\dropbox\microsoft office 2010 professional plus\cracked microsoft office 2010 professional plus\14.0.4734.1000_professionalplus_volume_ship_x86_en-us_exe.exe
scanner sequence 3.AA.11.ICAPDH
----- EOF -----



Lastly, my computer is used for home purposes; mainly multimedia stuff. As for my MS Office Enterprise 2007, i am not exactly sure how it came to be installed. If i am not wrong, the person who helped me to set up my pc installed it for me. With what he installed, i have no idea. Also, if this information is relevant, i'd like you to know that my current problem arised after i installed and tried to completely remove a media program called "Funshion."
leaguemaster91
Active Member
 
Posts: 9
Joined: January 31st, 2012, 6:12 am

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby mambass » February 5th, 2012, 8:30 pm

Hi leaugemaster91, :)

  1. Cracked/Keygen Policy Violation

    The following Cracked/Keygen programs appear to be installed on your computer:
    Microsoft Office Enterprise 2007
    Nero 8 Micro
    I can offer you no further assistance as long as you have Cracked/Keygen programs installed, per our policy concerning Use of "cracked" programs.

    I strongly recommend that you uninstall the programs identified above
    however that choice is up to you.
    • If you choose NOT to remove this program, please indicate that in your next reply and ignore the remaining steps.
    • If you choose to remove this program then perform the following steps:
      1. Click Start > Control Panel and then click on Programs and Features.
      2. Right-click the Microsoft Office Enterprise 2007 entry, choose Uninstall/Change and give permission to Continue
      3. Right-click the Nero 8 Micro entry, choose Uninstall/Change and give permission to Continue
      4. Reboot (restart) your computer.

      You may wish to consider downloading Open Office from www.openoffice.org as a replacement for Microsoft Office.

  2. Perform a Custom Fix with OTL
    1. Click here to download OTL.exe by Old Timer and save it to your Desktop.
    2. Close all running applications.
    3. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    4. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code: Select all
      :Files
      c:\users\tan\dropbox\microsoft office 2010 professional plus
      :Commands
      [CREATERESTOREPOINT]
      
    5. Close all running applications other than OTL.
    6. Click the Run Fix button at the top.
    7. When the fix has completed, a Notepad text file will appear.
    8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  3. Run a Scan with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code: Select all
      c:\|funshion;true;true;true /fp
      c:\|torrent;true;true;true /fp
      hklm\software|funshion /rs
      hklm\system|funshion /rs
      hkcu\software|funshion /rs
      
    3. Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    4. Make sure all other windows are closed so that it can run uninterrupted.
    5. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    6. This scan may take a while. Please be patient. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL. (desktop)
    7. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.


Please include in your reply (post logs separately if more convenient):
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. The contents of the OTL.txt and Extras.txt logs.


mambass
User avatar
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby leaguemaster91 » February 7th, 2012, 12:55 am

Hi mambass,

I have already removed my Microsoft Office Enterprise 2007 and my Nero 8 Micro as instructed. No problems were encountered when i ran OTL.

Below are my OTL Fix, OTL.txt and Extras.txt logs:
leaguemaster91
Active Member
 
Posts: 9
Joined: January 31st, 2012, 6:12 am

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby leaguemaster91 » February 7th, 2012, 12:56 am

This is my OTL Fix:


========== FILES ==========
c:\users\tan\dropbox\Microsoft Office 2010 Professional Plus\TSV Torrents folder moved successfully.
c:\users\tan\dropbox\Microsoft Office 2010 Professional Plus\Cracked Microsoft Office 2010 Professional Plus folder moved successfully.
c:\users\tan\dropbox\Microsoft Office 2010 Professional Plus folder moved successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 02072012_120623
leaguemaster91
Active Member
 
Posts: 9
Joined: January 31st, 2012, 6:12 am

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby leaguemaster91 » February 7th, 2012, 12:59 am

This is my OTL.txt:

OTL logfile created on: 7/2/2012 PM 12:10:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TAN\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001004 | Country: Singapore | Language: ZHI | Date Format: d/M/yyyy

2.75 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 63.28% Memory free
5.50 Gb Paging File | 4.19 Gb Available in Paging File | 76.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 454.07 Gb Free Space | 48.75% Space Free | Partition Type: NTFS

Computer Name: TAN-PC | User Name: TAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/07 11:56:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\TAN\Desktop\OTL.exe
PRC - [2012/01/19 10:46:40 | 000,076,288 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012/01/19 02:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\TAN\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/23 14:02:42 | 002,980,016 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/02 00:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/02 00:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/02 00:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/29 12:53:00 | 000,902,552 | ---- | M] (Kingsoft Corporation) -- C:\Users\TAN\AppData\Roaming\Maxthon2\Modules\MxKWS\kwstray.exe
PRC - [2011/05/29 12:52:51 | 000,394,648 | ---- | M] (Kingsoft Corporation) -- C:\Users\TAN\AppData\Roaming\Maxthon2\Modules\MxKWS\KSWebShield.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/04/23 08:33:52 | 000,085,784 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
PRC - [2010/04/23 08:33:04 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2010/04/23 08:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/07 11:55:10 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\38fb8d12e4cd8fc8a868b9219f7b8533\Microsoft.VisualBasic.ni.dll
MOD - [2012/02/07 11:52:29 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bf8ea9c366dc004d413532091c7defd1\System.ServiceProcess.ni.dll
MOD - [2012/02/07 11:52:25 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5693ef411e9d6ad691028ac8d4057753\System.Windows.Forms.ni.dll
MOD - [2012/02/07 11:52:13 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\e79768e8e2e111061f4b1244caea2c66\System.Data.ni.dll
MOD - [2012/02/07 11:52:10 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4d4bed76b14c6d57f8920b25176417b5\System.Drawing.ni.dll
MOD - [2012/02/07 11:52:08 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\956cb4b62d29f9f8e7090f7fa91fe74a\System.Web.ni.dll
MOD - [2012/02/07 11:52:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\429dbf7842f60429a18a0cc6fd0f573a\System.Runtime.Remoting.ni.dll
MOD - [2012/02/07 11:51:43 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d42147f9f8437ea77c2301c0bc37940f\System.Xml.ni.dll
MOD - [2012/02/07 11:51:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3567c5a2a9d6bb75d0a7fb1a0ac151f1\System.Configuration.ni.dll
MOD - [2012/02/07 11:51:37 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b30468a5f935dcf2725536b6c9bf7d9d\System.ni.dll
MOD - [2012/02/07 11:51:32 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d0c93d166f11516e05794ca07fe23ee3\Accessibility.ni.dll
MOD - [2012/02/07 11:51:29 | 011,491,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\4c2b00c9c2f2109037cd39d7b7a81633\mscorlib.ni.dll
MOD - [2011/07/29 07:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/02 00:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/02 00:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/02 00:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/02 00:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/11/05 09:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/23 08:33:24 | 002,887,904 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2010/04/23 08:33:20 | 000,025,824 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2010/04/23 08:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/03/23 06:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2010/03/23 06:57:42 | 000,178,176 | ---- | M] () -- C:\Program Files\Common Files\Memeo\ProfMan.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/23 15:35:55 | 000,053,248 | ---- | M] () -- C:\Program Files\DAP\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/19 10:46:40 | 000,076,288 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/02 00:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/29 12:52:51 | 000,394,648 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- C:\Users\TAN\AppData\Roaming\Maxthon2\Modules\MxKWS\KSWebShield.exe -- (Kingsoft Antivirus WebShield Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/04/23 08:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/01 22:49:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/08 12:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/08 12:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/08/17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/07/28 02:48:16 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2011/06/15 16:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/02 10:47:38 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s916bus.sys -- (s916bus) Sony Ericsson Device 916 driver (WDM)
DRV - [2007/04/04 12:43:38 | 000,098,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007/04/04 12:43:36 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007/04/04 12:43:34 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007/04/04 12:43:32 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007/04/04 12:43:20 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=62002018_3_hao_pg
IE - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://sg.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-sg
IE - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED DD 9F E5 66 7A CA 01 [binary data]
IE - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.88488.com
IE - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.5
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/29 14:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/07 12:17:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/02/01 14:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/14 11:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 11:58:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2011/12/23 14:03:21 | 000,000,000 | ---D | M]

[2009/12/11 23:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAN\AppData\Roaming\mozilla\Extensions
[2012/02/04 14:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAN\AppData\Roaming\mozilla\Firefox\Profiles\x6ub1f58.default\extensions
[2012/02/04 14:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAN\AppData\Roaming\mozilla\Firefox\Profiles\x6ub1f58.default\extensions\staged
[2012/02/04 14:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAN\AppData\Roaming\mozilla\Firefox\Profiles\x6ub1f58.default\extensions\trash
[2010/10/24 17:06:46 | 000,002,569 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\Mozilla\Firefox\Profiles\x6ub1f58.default\searchplugins\askcom.xml
[2009/12/11 23:37:33 | 000,002,171 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\Mozilla\Firefox\Profiles\x6ub1f58.default\searchplugins\bing.xml
[2010/03/09 14:39:41 | 000,001,040 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\Mozilla\Firefox\Profiles\x6ub1f58.default\searchplugins\yahoo-zugo.xml
[2012/01/29 14:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/07 16:12:40 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Program Files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/12/23 14:03:21 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2012/01/07 12:17:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/02/01 14:10:20 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012/01/29 14:29:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\TAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6UB1F58.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\TAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6UB1F58.DEFAULT\EXTENSIONS\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.XPI
[2012/01/05 12:05:56 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/20 00:33:24 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2011/10/04 18:59:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/13 14:29:46 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/11/10 10:59:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.7_0\lib/npdapchrome.dll
CHR - plugin: Download Accelerator Plus (DAP) Opera/NS6 plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npdap.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: TooManyTabs for Chrome = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.8.1_0\
CHR - Extension: Chrome Currency Converter = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbfhidldjknonaihbalghlebaijealk\3.4.3_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Universal Converter = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhhibchnhhgndhgdmdnijclikmnemhl\1.1_0\
CHR - Extension: Freemake Video Converter = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Star Gazer = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme\1.1_0\
CHR - Extension: Quick Note = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.2.9_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.0.4_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\TAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Users\TAN\AppData\Roaming\pipi\JfCheck.dll (PIPI Tech.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - Reg Error: Value error. File not found
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKU\S-1-5-21-3686890305-2745552844-346922765-1000..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\TAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\TAN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\TAN\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\TAN\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用迷你快车下载 - C:\FlashGet Network\FlashGet Mini\GetUrl.htm File not found
O8 - Extra context menu item: 使用迷你快车下载全部链接 - C:\FlashGet Network\FlashGet Mini\GetAllUrl.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3686890305-2745552844-346922765-1000\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60640B01-D8CD-400A-A38B-BC5F8EEE2709}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60640B01-D8CD-400A-A38B-BC5F8EEE2709}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{577f02df-3afb-11df-bd7f-6cf049045a45}\Shell - "" = AutoRun
O33 - MountPoints2\{577f02df-3afb-11df-bd7f-6cf049045a45}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{8c394e1e-68e7-11df-a231-6cf049045a45}\Shell - "" = AutoRun
O33 - MountPoints2\{8c394e1e-68e7-11df-a231-6cf049045a45}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b1d2a650-6608-11df-b77e-6cf049045a45}\Shell - "" = AutoRun
O33 - MountPoints2\{b1d2a650-6608-11df-b77e-6cf049045a45}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/07 12:06:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/07 11:56:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\TAN\Desktop\OTL.exe
[2012/02/06 10:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2012/02/06 10:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2012/02/06 10:23:45 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\Memeo
[2012/02/06 10:23:38 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\Seagate
[2012/02/06 10:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2012/02/06 10:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2012/02/06 10:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2012/02/06 10:08:20 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\Leadertech
[2012/02/05 12:24:23 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/02/05 12:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/02/05 12:12:42 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\TAN\Desktop\MGADiag.exe
[2012/02/02 20:54:37 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\eBookPro6
[2012/02/01 16:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/02/01 16:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/01 16:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/02/01 16:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/01 16:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/02/01 16:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/01 16:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/02/01 16:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/02/01 14:10:22 | 000,000,000 | ---D | C] -- C:\Users\TAN\Documents\Freemake
[2012/02/01 14:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012/02/01 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/02/01 14:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/02/01 14:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012/02/01 13:24:38 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Local\SugarSync
[2012/02/01 12:50:33 | 000,000,000 | ---D | C] -- C:\Users\TAN\Documents\Magic Briefcase
[2012/02/01 12:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2012/01/31 17:58:21 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/31 17:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/31 12:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012/01/31 12:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012/01/30 19:09:01 | 000,000,000 | ---D | C] -- C:\Users\TAN\Documents\My eBooks
[2012/01/30 12:51:57 | 000,000,000 | ---D | C] -- C:\Users\TAN\.areca
[2012/01/30 12:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Areca
[2012/01/30 12:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/01/30 12:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/01/30 11:45:11 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/30 11:45:11 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/30 10:56:53 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\HD Tune Pro
[2012/01/30 10:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2012/01/29 22:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\mcache
[2012/01/29 22:24:39 | 000,000,000 | ---D | C] -- C:\Users\TAN\Desktop\PC Security
[2012/01/29 22:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/29 21:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/29 21:05:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/29 21:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/29 12:31:19 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\Malwarebytes
[2012/01/29 12:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/26 12:18:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/01/20 20:21:27 | 000,000,000 | ---D | C] -- C:\KwDownload
[2012/01/20 20:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\KWMUSIC
[2012/01/20 15:03:21 | 000,000,000 | ---D | C] -- C:\Users\TAN\Documents\Subscriptions
[2012/01/20 14:43:49 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Local\doubleTwist Corporation
[2012/01/20 14:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\doubleTwist
[2012/01/20 14:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doubleTwist
[2012/01/20 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\doubleTwist 2.0
[2012/01/20 13:07:30 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\Temp
[2012/01/20 12:24:19 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Local\Samsung
[2012/01/20 12:23:55 | 000,000,000 | ---D | C] -- C:\Users\TAN\Documents\samsung
[2012/01/20 12:22:08 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2012/01/20 12:22:08 | 000,581,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinUSBCoInstaller.dll
[2012/01/20 12:22:08 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012/01/20 12:22:08 | 000,080,184 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012/01/20 12:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/01/20 12:15:02 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012/01/20 12:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012/01/20 12:14:12 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012/01/20 12:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/01/20 12:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/01/20 12:11:53 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Local\Downloaded Installations
[2012/01/14 12:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/14 12:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/14 12:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/14 11:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/14 11:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/12 15:39:41 | 000,000,000 | ---D | C] -- C:\Users\TAN\Documents\My Publications
[2012/01/12 13:59:40 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\OverDrive
[2012/01/12 13:59:40 | 000,000,000 | ---D | C] -- C:\Users\TAN\Documents\My Media
[2012/01/11 10:59:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 10:59:39 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 10:59:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/07 12:08:33 | 000,020,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 12:08:33 | 000,020,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 12:00:29 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/07 12:00:27 | 000,000,230 | ---- | M] () -- C:\Windows\tasks\SpeedOptimizer Startup.job
[2012/02/07 12:00:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/07 12:00:07 | 2213,404,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 11:59:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/07 11:56:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\TAN\Desktop\OTL.exe
[2012/02/06 22:57:33 | 000,654,038 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/06 22:57:33 | 000,121,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At52.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/02/06 22:36:36 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/02/06 22:36:36 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At55.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At50.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At54.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At49.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At53.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/02/06 22:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At51.job
[2012/02/06 22:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/02/06 22:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/02/06 22:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/02/06 22:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/06 10:25:22 | 000,001,199 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2012/02/05 12:13:27 | 000,983,040 | ---- | M] () -- C:\Users\TAN\Desktop\WVCheck.exe
[2012/02/05 12:13:01 | 000,458,240 | ---- | M] () -- C:\Users\TAN\Desktop\CKScanner.exe
[2012/02/05 12:12:41 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\TAN\Desktop\MGADiag.exe
[2012/02/03 16:02:34 | 000,000,600 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\winscp.rnd
[2012/02/01 23:24:06 | 000,000,973 | ---- | M] () -- C:\Users\TAN\Desktop\Dropbox.lnk
[2012/02/01 23:24:06 | 000,000,953 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/01 17:16:14 | 000,412,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/01 14:10:21 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2012/02/01 13:13:23 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\SugarSync Manager.lnk
[2012/02/01 13:10:33 | 000,000,724 | ---- | M] () -- C:\Users\TAN\Desktop\Magic Briefcase.lnk
[2012/01/31 20:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/30 19:06:42 | 000,001,121 | ---- | M] () -- C:\Users\TAN\Desktop\RealPlayer Converter.lnk
[2012/01/29 22:16:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/29 21:56:40 | 000,021,038 | ---- | M] () -- C:\Users\TAN\Documents\cc_20120129_215621.reg
[2012/01/28 22:20:02 | 000,000,000 | -HS- | M] () -- C:\Windows\mtn3.exe
[2012/01/28 22:15:01 | 000,000,000 | -HS- | M] () -- C:\Windows\mtn3270.exe
[2012/01/28 22:10:02 | 000,000,000 | -HS- | M] () -- C:\Windows\svcsvh32.exe
[2012/01/27 22:00:01 | 000,000,000 | -HS- | M] () -- C:\Windows\pdesrv2.exe
[2012/01/26 20:09:08 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/26 11:41:42 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/21 13:15:32 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/01/20 20:33:34 | 000,000,911 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\coreavc.ini
[2012/01/20 14:54:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/01/20 14:43:40 | 000,001,995 | ---- | M] () -- C:\Users\TAN\Application Data\Microsoft\Internet Explorer\Quick Launch\doubleTwist.lnk
[2012/01/20 14:43:40 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2012/01/20 12:46:00 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/01/20 12:45:29 | 000,001,883 | ---- | M] () -- C:\Users\TAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/01/14 12:07:15 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/14 11:57:51 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/12 11:15:42 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
leaguemaster91
Active Member
 
Posts: 9
Joined: January 31st, 2012, 6:12 am

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby leaguemaster91 » February 7th, 2012, 1:00 am

continued...


========== Files Created - No Company Name ==========

[2012/02/06 10:25:22 | 000,001,199 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2012/02/05 12:13:20 | 000,983,040 | ---- | C] () -- C:\Users\TAN\Desktop\WVCheck.exe
[2012/02/05 12:12:55 | 000,458,240 | ---- | C] () -- C:\Users\TAN\Desktop\CKScanner.exe
[2012/02/01 14:10:09 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2012/02/01 13:13:23 | 000,001,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync Manager.lnk
[2012/02/01 13:13:23 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\SugarSync Manager.lnk
[2012/02/01 12:52:50 | 000,000,724 | ---- | C] () -- C:\Users\TAN\Desktop\Magic Briefcase.lnk
[2012/01/30 19:06:42 | 000,001,121 | ---- | C] () -- C:\Users\TAN\Desktop\RealPlayer Converter.lnk
[2012/01/29 22:16:04 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/29 22:15:45 | 000,001,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/29 21:56:29 | 000,021,038 | ---- | C] () -- C:\Users\TAN\Documents\cc_20120129_215621.reg
[2012/01/20 20:28:15 | 000,000,911 | ---- | C] () -- C:\Users\TAN\AppData\Roaming\coreavc.ini
[2012/01/20 14:54:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/01/20 14:43:40 | 000,001,995 | ---- | C] () -- C:\Users\TAN\Application Data\Microsoft\Internet Explorer\Quick Launch\doubleTwist.lnk
[2012/01/20 14:43:40 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2012/01/20 12:23:39 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/01/20 12:15:16 | 000,001,883 | ---- | C] () -- C:\Users\TAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/01/14 12:07:15 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/14 11:57:51 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/12 11:15:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/12 11:15:42 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/12/02 20:44:12 | 000,000,600 | ---- | C] () -- C:\Users\TAN\AppData\Roaming\winscp.rnd
[2011/11/04 16:53:55 | 000,000,000 | ---- | C] () -- C:\Users\TAN\AppData\Local\{F89E215C-B45F-440D-B01B-23B8A23247DE}
[2011/08/18 14:49:48 | 000,051,078 | ---- | C] () -- C:\Users\TAN\AppData\Roaming\room_v3.dat
[2011/08/17 14:45:59 | 000,033,654 | ---- | C] () -- C:\Users\TAN\AppData\Roaming\gokart.dat
[2011/08/17 13:42:22 | 000,138,056 | ---- | C] () -- C:\Users\TAN\AppData\Roaming\PnkBstrK.sys
[2011/08/17 13:41:47 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/08/16 20:40:19 | 000,000,000 | ---- | C] () -- C:\Users\TAN\AppData\Local\{2F89B1EA-611A-4B7D-BA63-EBF0C3524A92}
[2011/08/15 22:20:00 | 000,000,000 | -HS- | C] () -- C:\Windows\mtn3.exe
[2011/08/15 22:15:08 | 000,000,000 | -HS- | C] () -- C:\Windows\mtn3270.exe
[2011/08/15 22:10:03 | 000,000,000 | -HS- | C] () -- C:\Windows\svcsvh32.exe
[2011/08/15 22:00:02 | 000,000,000 | -HS- | C] () -- C:\Windows\pdesrv2.exe
[2011/08/09 11:44:25 | 000,007,597 | ---- | C] () -- C:\Users\TAN\AppData\Local\Resmon.ResmonCfg
[2011/07/01 13:53:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/01 13:52:07 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/22 13:16:14 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2011/04/30 19:51:18 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/26 11:13:19 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/09/26 11:13:19 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/07/04 12:33:01 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/31 13:11:15 | 000,015,728 | ---- | C] () -- C:\Windows\System32\drivers\bootsafe.sys
[2010/05/23 12:40:07 | 000,031,744 | ---- | C] () -- C:\Users\TAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/07 16:40:48 | 000,001,247 | ---- | C] () -- C:\Windows\PIPIPlayer.INI
[2010/02/07 11:25:49 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/02/05 20:22:51 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/02/05 20:22:41 | 000,000,292 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010/02/05 20:22:40 | 000,000,891 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2010/01/27 02:40:31 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/01/01 16:20:27 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/01/01 16:20:27 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/01/01 16:20:27 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/01/01 16:20:27 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/01/01 16:20:27 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/01/01 16:20:27 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/01/01 16:20:27 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/01/01 16:20:27 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/01/01 16:20:27 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/01/01 16:20:27 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/01/01 16:20:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/01/01 16:20:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/01/01 16:20:27 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/01/01 16:20:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/01/01 16:20:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/01/01 16:20:27 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/01/01 16:20:27 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/01/01 16:20:27 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/01/01 16:20:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/12/31 23:43:14 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX5500Asia.ini
[2009/12/12 18:10:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/12/12 15:14:48 | 000,024,576 | ---- | C] () -- C:\Windows\System32\GBLib.dll
[2009/12/12 15:14:48 | 000,024,576 | ---- | C] () -- C:\Windows\System32\GBKLib.dll
[2009/12/12 15:13:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\ForPickWordAddIn.dll
[2009/12/12 15:13:47 | 000,003,680 | ---- | C] () -- C:\Windows\System32\chutis.dat
[2009/12/12 15:13:05 | 000,000,015 | ---- | C] () -- C:\Windows\HansWare.ini
[2009/12/12 15:12:40 | 000,000,075 | ---- | C] () -- C:\Windows\hsvision.ini
[2009/12/11 21:13:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:33:53 | 000,412,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,654,038 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,121,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

========== LOP Check ==========

[2011/08/11 19:23:02 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\2K Sports
[2011/12/04 19:58:00 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\AnvSoft
[2010/02/08 21:36:43 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\BITS
[2011/12/22 18:40:58 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\calibre
[2012/02/07 12:06:34 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Dropbox
[2012/02/05 17:53:43 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\eBookPro6
[2010/01/01 16:35:04 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\EPSON
[2010/02/05 20:22:43 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\FlashGet
[2010/02/06 11:09:36 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\FlashGetBHO
[2010/02/07 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\FlashgetSetup
[2010/03/09 14:10:39 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\fltk.org
[2011/04/05 14:14:22 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Gygan
[2011/05/14 17:49:07 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\HandBrake
[2012/01/30 10:56:53 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\HD Tune Pro
[2012/01/29 22:12:38 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Lead
[2012/02/06 10:08:20 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Leadertech
[2010/06/20 16:20:52 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\LimeWire
[2010/02/05 20:34:57 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Maxthon2
[2012/02/06 10:23:45 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Memeo
[2010/02/05 20:34:02 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\MxBoost
[2009/12/27 21:48:55 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\NJStar
[2009/12/21 13:56:41 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Nokia
[2012/01/12 13:59:40 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\OverDrive
[2010/03/09 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Participatory Culture Foundation
[2011/12/26 23:27:00 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\PC Suite
[2011/08/13 23:02:34 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\pipi
[2012/01/03 17:01:54 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\redsn0w
[2012/01/20 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Samsung
[2012/02/06 10:23:38 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Seagate
[2012/01/20 13:07:30 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Temp
[2012/02/06 22:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2012/02/06 22:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2012/02/06 22:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2012/02/06 22:36:36 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2012/02/06 22:36:36 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/02/06 22:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At49.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At50.job
[2012/02/06 22:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At51.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At52.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At53.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At54.job
[2012/02/06 22:20:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At55.job
[2012/02/06 22:00:01 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012/02/06 22:36:37 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2012/02/06 22:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2012/02/06 22:15:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2012/01/19 20:00:40 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/07 12:00:27 | 000,000,230 | ---- | M] () -- C:\Windows\Tasks\SpeedOptimizer Startup.job

========== Purity Check ==========



========== Custom Scans ==========


< c:\|funshion;true;true;true /fp >
[2012/01/20 20:28:23 | 000,000,013 | ---- | M] () -- c:\Users\TAN\AppData\Local\Microsoft\Internet Explorer\DOMStore\CQH5HFBV\fs.funshion[1].xml
[2011/07/25 22:35:39 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_Funshion.exe_d01e94c62b922c9d8dca3dd236a10bdae19e910_0eeb5b97
[2011/07/25 22:35:42 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_Funshion.exe_d01e94c62b922c9d8dca3dd236a10bdae19e910_15bc3562
[2011/07/25 22:35:44 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_Funshion.exe_d01e94c62b922c9d8dca3dd236a10bdae19e910_17cf5956

< c:\|torrent;true;true;true /fp >
[2012/02/01 17:37:35 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\02072012_120623\c_users\tan\dropbox\Microsoft Office 2010 Professional Plus\TSV Torrents
[2011/05/13 02:42:48 | 000,141,998 | ---- | M] () -- c:\_OTL\MovedFiles\02072012_120623\c_users\tan\dropbox\Microsoft Office 2010 Professional Plus\TSV Torrents\Dexter Season 1, 2, 3, 4 & Extras (Early Cuts + Audiobooks + Behind the Scenes, etc etc).torrent
[2011/05/13 02:44:12 | 000,209,889 | ---- | M] () -- c:\_OTL\MovedFiles\02072012_120623\c_users\tan\dropbox\Microsoft Office 2010 Professional Plus\TSV Torrents\Lost Season 1, 2, 3, 4, 5, & 6 + Extras.torrent
[2011/05/13 02:44:12 | 000,036,416 | ---- | M] () -- c:\_OTL\MovedFiles\02072012_120623\c_users\tan\dropbox\Microsoft Office 2010 Professional Plus\TSV Torrents\SGU Stargate Universe Season 1.torrent
[2011/05/13 02:43:48 | 000,020,179 | ---- | M] () -- c:\_OTL\MovedFiles\02072012_120623\c_users\tan\dropbox\Microsoft Office 2010 Professional Plus\TSV Torrents\The Ricky Gervais Guide To... Season 1 & 2.torrent
[2011/05/13 02:43:48 | 000,013,901 | ---- | M] () -- c:\_OTL\MovedFiles\02072012_120623\c_users\tan\dropbox\Microsoft Office 2010 Professional Plus\TSV Torrents\The Ricky Gervais Show Season 1 Complete.torrent
[2011/05/13 02:44:12 | 000,102,748 | ---- | M] () -- c:\_OTL\MovedFiles\02072012_120623\c_users\tan\dropbox\Microsoft Office 2010 Professional Plus\TSV Torrents\Windows 7 Ultimate.torrent
[2011/07/25 22:36:32 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_3ee61586f65dabda5f6876f53849d8e9b8770_0aa6d598
[2011/07/25 22:36:35 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_3ee61586f65dabda5f6876f53849d8e9b8770_133d4339
[2011/07/25 22:36:38 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_b8a13db04528aecc40e74de8232a1bdcf8e5e724_096c66a0
[2011/07/25 22:36:41 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_b8a13db04528aecc40e74de8232a1bdcf8e5e724_0a282a4e
[2011/07/25 22:36:44 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_b8a13db04528aecc40e74de8232a1bdcf8e5e724_0b608d26
[2011/07/25 22:36:47 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_b8a13db04528aecc40e74de8232a1bdcf8e5e724_171c904f
[2011/07/25 22:36:50 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_bc2e81cc487e69669b3c76e3f271306993c5_09c08bcb
[2011/07/25 22:36:53 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_bc2e81cc487e69669b3c76e3f271306993c5_11aaa87f
[2011/07/25 22:36:56 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_bc2e81cc487e69669b3c76e3f271306993c5_120d958a
[2011/07/25 22:36:59 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_bc2e81cc487e69669b3c76e3f271306993c5_12587983
[2011/07/25 22:37:02 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_bc2e81cc487e69669b3c76e3f271306993c5_12c99e13
[2011/07/25 22:37:04 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_utorrent.exe_bc2e81cc487e69669b3c76e3f271306993c5_17c43f22
[2010/02/05 20:22:51 | 000,000,000 | ---D | M] -- c:\Users\TAN\AppData\Roaming\BITS\Torrent
[2012/02/01 16:16:51 | 000,000,841 | ---- | M] () -- c:\Users\TAN\AppData\Roaming\Microsoft\Windows\Recent\Microsoft_Office_2010_Professional_Plus_Cracked.6817491.TPB.torrent.lnk
[2012/01/30 12:23:47 | 000,000,901 | ---- | M] () -- c:\Users\TAN\AppData\Roaming\Microsoft\Windows\Recent\Microsoft_Office_Home_and_Student_2010_ACTIVADOR_Y_SERIAL.6549642.TPB.torrent.lnk
[2010/02/06 23:10:53 | 000,002,853 | ---- | M] () -- c:\Users\TAN\AppData\Roaming\Microsoft\Windows\Recent\[SUMOTorrent.com]_[EN]_The_Godfather_2_PC_GAME_ISO.pif
[2012/02/02 16:03:06 | 000,000,000 | ---D | M] -- c:\Users\TAN\Desktop\Torrents
[2012/01/15 14:10:54 | 000,000,000 | ---D | M] -- c:\Users\TAN\Desktop\Downloads\Prom[2011]DVDRip XviD-ExtraTorrentRG
[2012/01/15 14:10:53 | 000,000,000 | ---D | M] -- c:\Users\TAN\Desktop\Downloads\Prom[2011]DVDRip XviD-ExtraTorrentRG\SubFiles
[2012/01/05 21:53:48 | 000,000,058 | ---- | M] () -- c:\Users\TAN\Desktop\Downloads\Drive (2011) BRRip 720p x264 5.1ch AAC-Ameet6233(SiNiSTER)\Torrent downloaded from AhaShare.com.txt
[2012/01/05 21:53:48 | 000,000,046 | ---- | M] () -- c:\Users\TAN\Desktop\Downloads\Drive (2011) BRRip 720p x264 5.1ch AAC-Ameet6233(SiNiSTER)\Torrent downloaded from Demonoid.me.txt
[2012/01/22 13:18:40 | 000,000,353 | ---- | M] () -- c:\Users\TAN\Desktop\Downloads\Immortals 2011 720p RC BRRip LiNE XviD AC3-FTW\Torrent Downloaded From ExtraTorrent.com.txt
[2012/01/15 15:18:53 | 732,532,762 | ---- | M] () -- c:\Users\TAN\Desktop\Downloads\Prom[2011]DVDRip XviD-ExtraTorrentRG\Prom[2011]DVDRip XviD-ExtraTorrentRG.avi
[2012/01/15 14:10:54 | 000,000,083 | ---- | M] () -- c:\Users\TAN\Desktop\Downloads\Prom[2011]DVDRip XviD-ExtraTorrentRG\Torrent downloaded from extratorrent.com.txt
[2012/01/15 14:10:54 | 000,000,167 | ---- | M] () -- c:\Users\TAN\Desktop\Downloads\Prom[2011]DVDRip XviD-ExtraTorrentRG\Torrent Seeded & Tracked by Novalayer.com.txt
[2010/02/23 09:16:22 | 000,008,579 | ---- | M] () -- c:\Users\TAN\Desktop\JailBreak\Elite Pro Theme\Elite Theme\Elite.theme\Icons\TorrentTRAK.png
[2011/08/14 15:14:22 | 1351,653,376 | ---- | M] () -- c:\Users\TAN\Desktop\PSP Games\The 3rd Birthday (2011) [PsP][EUR][WwW.ZoNaTorrent.CoM].iso
[2012/02/05 12:17:07 | 000,034,522 | ---- | M] () -- c:\Windows\Prefetch\UTORRENT.EXE-1070971C.pf

< hklm\software|funshion /rs >
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASAPI32\\EnableFileTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASAPI32\\EnableConsoleTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASAPI32\\FileTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASAPI32\\ConsoleTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASAPI32\\MaxFileSize: 1048576
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASAPI32\\FileDirectory: %windir%\tracing [2011/06/10 13:27:03 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASMANCS\\EnableFileTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASMANCS\\EnableConsoleTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASMANCS\\FileTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASMANCS\\ConsoleTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASMANCS\\MaxFileSize: 1048576
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionInstall_RASMANCS\\FileDirectory: %windir%\tracing [2011/06/10 13:27:03 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASAPI32\\EnableFileTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASAPI32\\EnableConsoleTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASAPI32\\FileTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASAPI32\\ConsoleTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASAPI32\\MaxFileSize: 1048576
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASAPI32\\FileDirectory: %windir%\tracing [2011/06/10 13:27:03 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASMANCS\\EnableFileTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASMANCS\\EnableConsoleTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASMANCS\\FileTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASMANCS\\ConsoleTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASMANCS\\MaxFileSize: 1048576
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionService_RASMANCS\\FileDirectory: %windir%\tracing [2011/06/10 13:27:03 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASAPI32\\EnableFileTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASAPI32\\EnableConsoleTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASAPI32\\FileTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASAPI32\\ConsoleTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASAPI32\\MaxFileSize: 1048576
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASAPI32\\FileDirectory: %windir%\tracing [2011/06/10 13:27:03 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASMANCS\\EnableFileTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASMANCS\\EnableConsoleTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASMANCS\\FileTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASMANCS\\ConsoleTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASMANCS\\MaxFileSize: 1048576
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\FunshionUpgrade_RASMANCS\\FileDirectory: %windir%\tracing [2011/06/10 13:27:03 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASAPI32\\EnableFileTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASAPI32\\EnableConsoleTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASAPI32\\FileTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASAPI32\\ConsoleTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASAPI32\\MaxFileSize: 1048576
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASAPI32\\FileDirectory: %windir%\tracing [2011/06/10 13:27:03 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASMANCS\\EnableFileTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASMANCS\\EnableConsoleTracing: 0
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASMANCS\\FileTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASMANCS\\ConsoleTracingMask: -65536
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASMANCS\\MaxFileSize: 1048576
HKEY_LOCAL_MACHINE\software\Microsoft\Tracing\funshion_RASMANCS\\FileDirectory: %windir%\tracing [2011/06/10 13:27:03 | 000,000,000 | ---D | M]

< hklm\system|funshion /rs >
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshiontcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=functiontcp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=functionudp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionservicetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionservicetcp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionserviceudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionserviceudp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionupgradetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradetcp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionupgradeudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradeudp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AF19D49-73CF-40CD-89E9-2B8F22C36B63}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionService.exe|Name=FunshionService|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{700563B8-221A-4AA1-8874-28A6CA068445}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionService.exe|Name=FunshionService|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{066B5ECB-550B-4152-A14B-1DB6724A1C0B}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{685F16A7-7D90-4F07-906D-38E1B901CE25}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD7FAF5E-B7B7-41BA-8655-5A1CCD22F026}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE01F9D6-2FA9-4E15-8D54-18FBFBF5D289}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AAFC15DD-A360-4DCE-91C5-F2F1E76BDF93}C:\program files\funshion online\funshion\funshionservice.exe: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\funshion online\funshion\funshionservice.exe|Name=Funshion Network Transport Service|Desc=Funshion Network Transport Service|Defer=User|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9672D23-1970-4AE1-AF66-ABDD1B925C51}C:\program files\funshion online\funshion\funshionservice.exe: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\funshion online\funshion\funshionservice.exe|Name=Funshion Network Transport Service|Desc=Funshion Network Transport Service|Defer=User|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshiontcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=funshiontcp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=funshionudp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionservicetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionservicetcp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionserviceudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionserviceudp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionupgradetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradetcp|
HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionupgradeudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradeudp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshiontcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=functiontcp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=functionudp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionservicetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionservicetcp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionserviceudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionserviceudp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionupgradetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradetcp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionupgradeudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradeudp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AF19D49-73CF-40CD-89E9-2B8F22C36B63}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionService.exe|Name=FunshionService|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{700563B8-221A-4AA1-8874-28A6CA068445}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionService.exe|Name=FunshionService|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{066B5ECB-550B-4152-A14B-1DB6724A1C0B}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{685F16A7-7D90-4F07-906D-38E1B901CE25}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD7FAF5E-B7B7-41BA-8655-5A1CCD22F026}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE01F9D6-2FA9-4E15-8D54-18FBFBF5D289}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AAFC15DD-A360-4DCE-91C5-F2F1E76BDF93}C:\program files\funshion online\funshion\funshionservice.exe: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\funshion online\funshion\funshionservice.exe|Name=Funshion Network Transport Service|Desc=Funshion Network Transport Service|Defer=User|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9672D23-1970-4AE1-AF66-ABDD1B925C51}C:\program files\funshion online\funshion\funshionservice.exe: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\funshion online\funshion\funshionservice.exe|Name=Funshion Network Transport Service|Desc=Funshion Network Transport Service|Defer=User|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshiontcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=funshiontcp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=funshionudp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionservicetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionservicetcp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionserviceudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionserviceudp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionupgradetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradetcp|
HKEY_LOCAL_MACHINE\system\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionupgradeudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradeudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\defaults\FirewallPolicy\firewallrules\\functiontcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=funshiontcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\defaults\FirewallPolicy\firewallrules\\functionudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=funshionudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\defaults\FirewallPolicy\firewallrules\\funshionservicetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionservicetcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\defaults\FirewallPolicy\firewallrules\\funshionserviceudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionserviceudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\defaults\FirewallPolicy\firewallrules\\funshionupgradetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradetcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\defaults\FirewallPolicy\firewallrules\\funshionupgradeudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradeudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\firewallrules\\funshiontcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=funshiontcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\firewallrules\\funshionudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=funshionudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\firewallrules\\funshionservicetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionservicetcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\firewallrules\\funshionserviceudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionserviceudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\firewallrules\\funshionupgradetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradetcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\firewallrules\\funshionupgradeudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradeudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshiontcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=functiontcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=functionudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionservicetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionservicetcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionserviceudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionserviceudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionupgradetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradetcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\funshionupgradeudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradeudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AF19D49-73CF-40CD-89E9-2B8F22C36B63}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionService.exe|Name=FunshionService|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{700563B8-221A-4AA1-8874-28A6CA068445}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionService.exe|Name=FunshionService|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{066B5ECB-550B-4152-A14B-1DB6724A1C0B}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{685F16A7-7D90-4F07-906D-38E1B901CE25}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD7FAF5E-B7B7-41BA-8655-5A1CCD22F026}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE01F9D6-2FA9-4E15-8D54-18FBFBF5D289}: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe|Name=FunshionUpgrade|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AAFC15DD-A360-4DCE-91C5-F2F1E76BDF93}C:\program files\funshion online\funshion\funshionservice.exe: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\funshion online\funshion\funshionservice.exe|Name=Funshion Network Transport Service|Desc=Funshion Network Transport Service|Defer=User|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9672D23-1970-4AE1-AF66-ABDD1B925C51}C:\program files\funshion online\funshion\funshionservice.exe: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\funshion online\funshion\funshionservice.exe|Name=Funshion Network Transport Service|Desc=Funshion Network Transport Service|Defer=User|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshiontcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=funshiontcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshion.exe|Name=funshionudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionservicetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionservicetcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionserviceudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionservice.exe|Name=funshionserviceudp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionupgradetcp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradetcp|
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\funshionupgradeudp: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Funshion Online\Funshion\funshionupgrade.exe|Name=funshionupgradeudp|

< hkcu\software|funshion /rs >
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\\C:\Users\TAN\Desktop\FunshionInstall2.2.0.17.exe: 1

========== Files - Unicode (All) ==========
[2012/02/06 15:07:04 | 006,304,719 | ---- | M] ()(C:\Users\TAN\Desktop\????.mp3) -- C:\Users\TAN\Desktop\一念执着.mp3
[2012/02/06 15:05:37 | 006,304,719 | ---- | C] ()(C:\Users\TAN\Desktop\????.mp3) -- C:\Users\TAN\Desktop\一念执着.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:CD060F93
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:661DFA1C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5

< End of report >
leaguemaster91
Active Member
 
Posts: 9
Joined: January 31st, 2012, 6:12 am

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby leaguemaster91 » February 7th, 2012, 1:02 am

This is my Extras.txt:


OTL Extras logfile created on: 7/2/2012 PM 12:10:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TAN\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001004 | Country: Singapore | Language: ZHI | Date Format: d/M/yyyy

2.75 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 63.28% Memory free
5.50 Gb Paging File | 4.19 Gb Available in Paging File | 76.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 454.07 Gb Free Space | 48.75% Space Free | Partition Type: NTFS

Computer Name: TAN-PC | User Name: TAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3686890305-2745552844-346922765-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Users\TAN\AppData\Roaming\FlashgetSetup\fgmini.exe" = C:\Users\TAN\AppData\Roaming\FlashgetSetup\fgmini.exe:*:Enabled:fg_ol_silent -- (Flashget)
"C:\FlashGet Network\FlashGet Mini\FlashGetMini.exe" = C:\FlashGet Network\FlashGet Mini\FlashGetMini.exe:*:Enabled:FlashGetMini
"C:\pipi\fgcn_386.exe" = C:\pipi\fgcn_386.exe:*:Enabled:fg_ol_silent


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.21
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F92FF5F-C7EA-40BA-9481-02B6B4479C93}" = calibre
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D893565C-10EA-45AF-AFDA-0514B0DC0AE2}" = EPSON Easy Photo Print
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AviSynth" = AviSynth 2.5
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"DCoder Image Source" = DCoder Image Source (remove only)
"DivX Setup" = DivX Setup
"doubleTwist" = doubleTwist
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.1
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Google Chrome" = Google Chrome
"GooglePinyin2" = 谷歌拼音输入法 2.3
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"kws_uninst" = 金山网盾
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"PowerISO" = PowerISO
"RealMedia" = RealMedia (remove only)
"SHOUTcast Source" = SHOUTcast Source (remove only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"winscp3_is1" = WinSCP 4.3.6
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3686890305-2745552844-346922765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SugarSync" = SugarSync Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2011 AM 12:53:51 | Computer Name = TAN-PC | Source = RasClient | ID = 20227
Description =

Error - 5/5/2011 AM 12:54:40 | Computer Name = TAN-PC | Source = RasClient | ID = 20227
Description =

Error - 5/5/2011 AM 1:00:50 | Computer Name = TAN-PC | Source = RasClient | ID = 20227
Description =

Error - 5/5/2011 AM 1:01:01 | Computer Name = TAN-PC | Source = RasClient | ID = 20227
Description =

Error - 6/5/2011 PM 11:09:17 | Computer Name = TAN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 2.0.1.4120,
time stamp: 0x4da6a99c Faulting module name: coreclr.dll, version: 4.0.60310.0,
time stamp: 0x4d786298 Exception code: 0xc00000fd Fault offset: 0x000bca19 Faulting
process id: 0x758 Faulting application start time: 0x01cc0c63571f8ac5 Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
c:\Program Files\Microsoft Silverlight\4.0.60310.0\coreclr.dll Report Id: 6491d560-7857-11e0-adf7-6cf049045a45

Error - 8/5/2011 AM 9:21:47 | Computer Name = TAN-PC | Source = Bonjour Service | ID = 100
Description = 340: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/5/2011 AM 9:21:47 | Computer Name = TAN-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/5/2011 AM 9:21:47 | Computer Name = TAN-PC | Source = Bonjour Service | ID = 100
Description = 212: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/5/2011 AM 9:27:43 | Computer Name = TAN-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.1.4120 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1488 Start
Time: 01cc0d6d278c46be Termination Time: 11 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: f04630d4-7976-11e0-87f7-6cf049045a45

Error - 8/5/2011 AM 9:45:31 | Computer Name = TAN-PC | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ Media Center Events ]
Error - 4/3/2010 AM 10:18:03 | Computer Name = TAN-PC | Source = MCUpdate | ID = 0
Description = 10:18:03 PM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 6/2/2012 AM 10:38:37 | Computer Name = TAN-PC | Source = bowser | ID = 8003
Description =

Error - 6/2/2012 AM 10:47:39 | Computer Name = TAN-PC | Source = DCOM | ID = 10010
Description =

Error - 6/2/2012 AM 10:48:17 | Computer Name = TAN-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.119.1347.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 6/2/2012 AM 10:48:17 | Computer Name = TAN-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.119.1347.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 6/2/2012 AM 10:48:17 | Computer Name = TAN-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.119.1347.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 6/2/2012 PM 11:44:38 | Computer Name = TAN-PC | Source = Service Control Manager | ID = 7000
Description = The KAVSafe service failed to start due to the following error: %%2

Error - 6/2/2012 PM 11:45:07 | Computer Name = TAN-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/2/2012 PM 11:59:01 | Computer Name = TAN-PC | Source = DCOM | ID = 10010
Description =

Error - 7/2/2012 AM 12:00:21 | Computer Name = TAN-PC | Source = Service Control Manager | ID = 7000
Description = The KAVSafe service failed to start due to the following error: %%2

Error - 7/2/2012 AM 12:00:57 | Computer Name = TAN-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >
leaguemaster91
Active Member
 
Posts: 9
Joined: January 31st, 2012, 6:12 am

Re: How To Fix Fake Windows Hard Drive Error Message

Unread postby mambass » February 8th, 2012, 2:15 pm

Your machine shows evidence of cracked or otherwise illegal software, so in accordance with our policy, we will not provide any further help.
http://malwareremoval.com/forum/viewtop ... 95#p491395
This thread will be closed.
User avatar
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 69 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware