Trojan.Agent

Post by marlenefoung » July 21st, 2012, 9:52 pm

Hi,

I would like to receive help to remove this malware Trojan.Agent since it keeps reappearing even when deleted by MBAM. Sometimes, there is a pop-up from MBAM that says there's a malicious attempt. Thank you in advance :)

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Foung-Yang Family at 21:48:36 on 2012-07-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.4085.1569 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://sympatico.msn.ca/default.aspx?lang=en-ca
uDefault_Page_URL = hxxp://sympatico.msn.ca/default.aspx?lang=en-ca
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mWinlogon: Userinit=C:\Windows\system32\userinit.exe,C:\Users\Foung-Yang Family\AppData\Roaming\Google\Google Update.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: IplexToALLPlayer: {df925ef3-7a87-44e4-9caf-8d7b280bf616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1155.2\npchrome_frame.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [ClockWorks] C:\Users\FOUNG-~1\AppData\Local\Temp\ClockWorks.exe
uRun: [ClockPro] C:\Users\FOUNG-~1\AppData\Local\Temp\ClockPro.exe
uRun: [Skype] C:\Users\Foung-Yang Family\AppData\Roaming\skype\skyrpe.exe
mRun: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual
dRunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
mExplorerRun: [61703] C:\PROGRA~3\LOCALS~1\Temp\mstvfixe.cmd
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E145C617-85A0-405F-8197-5C915BD78D48} : DhcpNameServer = 192.168.2.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1155.2\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO-X64: NCO 2.0 IE BHO - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: IplexToALLPlayer: {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1155.2\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-24 913792]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-9-21 820568]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-4-29 655944]
R2 PDFSFilter;PDFsFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-1-18 1036104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-13 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-29 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-21 20:30:15 9133488 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86B75B9A-6285-45D3-B7AF-266D28071221}\mpengine.dll
2012-07-19 02:58:56 9133488 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-10 20:57:16 974848 -c--a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-03 19:59:25 927800 -c----w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA031FE7-59EF-406B-90D7-AFD86FFAC318}\gapaengine.dll
.
==================== Find3M ====================
.
2012-07-12 04:44:44 70344 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 04:44:44 426184 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 13:58:27 2769408 -c--a-w- C:\Windows\System32\win32k.sys
2012-06-05 21:02:30 0 -c--a-w- C:\Users\Foung-Yang Family\AppData\Roaming\ZFCXHJ5AJGMVYFgvberqwjiyQ.exe
2012-06-05 20:52:04 0 -c--a-w- C:\Users\Foung-Yang Family\AppData\Roaming\74HH0RQLEPVYFgvberqwjiyQ.exe
2012-06-05 20:18:57 68096 -c--a-w- C:\Users\Foung-Yang Family\AppData\Roaming\pthreadGC2.dll
2012-06-05 20:18:57 68096 -c--a-w- C:\Users\Foung-Yang Family\AppData\Roaming\pthreadGC2-w32.dll
2012-06-05 20:18:57 57960 -c--a-w- C:\Users\Foung-Yang Family\AppData\Roaming\OpenCL.dll
2012-06-05 20:18:57 249344 -c--a-w- C:\Users\Foung-Yang Family\AppData\Roaming\libcurl-4.dll
2012-06-05 20:18:57 177207 -c--a-w- C:\Users\Foung-Yang Family\AppData\Roaming\libusb-1.0.dll
2012-06-05 16:47:28 1401856 -c--a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 -c--a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 -c--a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 -c--a-w- C:\Windows\System32\msxml3.dll
2012-06-05 16:22:03 336896 -c--a-w- C:\Users\Foung-Yang Family\AppData\Roaming\usft_ext.dll
2012-06-05 14:21:52 0 -c--a-w- C:\Users\Foung-Yang Family\AppData\Roaming\6738CMGPKAPBXZsvdll32.exe
2012-06-04 15:29:59 516480 -c--a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-03 21:31:16 1444 -c--a-w- C:\Users\Foung-Yang Family\AppData\Roaming\data.bin
2012-06-02 22:15:31 2622464 -c--a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 -c--a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 -c--a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 -c--a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 -c--a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 -c--a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 -c--a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 -c--a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 -c--a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 -c--a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 -c--a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 -c--a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 -c--a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 -c--a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 -c--a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 -c--a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 -c--a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 -c--a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 -c--a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 -c--a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 -c--a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 -c--a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-24 14:48:00 24448 -c--a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-05-11 15:14:26 251528 -c--a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-05-01 14:29:44 209920 -c--a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-23 16:25:30 174592 -c--a-w- C:\Windows\System32\cryptsvc.dll
2012-04-23 16:25:30 132096 -c--a-w- C:\Windows\System32\cryptnet.dll
2012-04-23 16:25:30 1267200 -c--a-w- C:\Windows\System32\crypt32.dll
2012-04-23 16:00:53 984064 -c--a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-23 16:00:53 98304 -c--a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-23 16:00:53 133120 -c--a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-23 11:26:26 154272 -c--a-w- C:\Windows\System32\drivers\idmwfp.sys
2010-05-10 05:40:24 1830536 -c--a-w- C:\Program Files (x86)\defragsetup.exe
2010-05-08 23:47:09 562864 -c--a-w- C:\Program Files (x86)\GoogleEarthPluginSetup.exe
2009-04-25 20:09:45 2400784 -c--a-w- C:\Program Files (x86)\WLinstaller.exe
.
============= FINISH: 21:49:50.45 ===============
marlenefoung
Active Member
 
Posts: 12
Joined: July 21st, 2012, 9:43 pm

Re: Trojan.Agent

Post by askey127 » July 23rd, 2012, 7:37 am

HI marlenefoung,
You have too many Antivirus products running at the same time. You should only have ONE antivirus and ONE antispyware product at a time.
Having more will corrupt your system and may reduce protection.
We will update Java and remove the IObit antivirus, Ad-Aware and AVG before we begin.
Please refrain from Installing, Uninstalling, or Scanning with anything unless I ask, until we are through with cleaning.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Advanced SystemCare 5
IObit Malware Fighter
Ad-Aware
AVG Internet Security 2012
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Under Java Platform, Standard Edition, labeled Java SE 7u5, click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK". If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform, Windows x64 for 64-bit, and click it.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
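A triage pass over the DDS log from the first post, as an added example that is not code from MalwareRemoval.com, from the DDS tool, or from either poster. It parses the `AV:` header lines and the Pseudo HJT Report section, counts enabled antivirus products (the point askey127 raises above), and lists the entries a helper reads first: autostarts launched from Temp or AppData, any image in the Winlogon Userinit value besides userinit.exe, and BHO/toolbar registrations with no file behind them. The sample lines are excerpted from the posted log; the location heuristics are assumptions about what merits a closer look, not a verdict that any entry is malicious.

```python
"""Triage pass over a DDS log (added example; not code from the thread or the DDS tool).

The heuristics below are assumptions about what deserves a second look, not a
verdict: an autostart launched from Temp or AppData, an extra image in the
Winlogon Userinit value, more than one enabled antivirus, and orphaned BHO or
toolbar registrations ("No File").
"""
import re

# Lines excerpted from the DDS log posted in the first post of the thread.
SAMPLE_LOG = r"""
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mWinlogon: Userinit=C:\Windows\system32\userinit.exe,C:\Users\Foung-Yang Family\AppData\Roaming\Google\Google Update.exe,
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ClockWorks] C:\Users\FOUNG-~1\AppData\Local\Temp\ClockWorks.exe
uRun: [Skype] C:\Users\Foung-Yang Family\AppData\Roaming\skype\skyrpe.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mExplorerRun: [61703] C:\PROGRA~3\LOCALS~1\Temp\mstvfixe.cmd
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
"""

# DDS "Pseudo HJT Report" autostart lines: uRun/mRun/dRun, RunOnce and
# mExplorerRun, with an optional -x64 suffix for the 64-bit hive view.
AUTORUN = re.compile(
    r"^(?P<key>[umd]Run(?:Once)?|mExplorerRun)(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Shortest prefix of the command (quoted or not) that ends in an executable extension.
IMAGE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|cmd|bat|com|scr|vbs|jse|js|dll))', re.I)
ORPHAN = re.compile(r"^(?:BHO|TB)(?:-X64)?: .* - No File$")
AV_ENABLED = re.compile(r"^AV: (?P<product>.+?) \*Enabled")
USERINIT = re.compile(r"^mWinlogon: Userinit=(?P<value>.*)$", re.I)


def _lines(text):
    return (line.strip() for line in text.splitlines())


def parse_autoruns(text):
    """Return (key, name, image_path) for every autostart line in the report."""
    out = []
    for line in _lines(text):
        m = AUTORUN.match(line)
        if m:
            img = IMAGE.match(m["cmd"])
            out.append((m["key"], m["name"], img["path"] if img else m["cmd"]))
    return out


def classify_path(path):
    """Assumed heuristic: where an autostart image lives. Installers do not leave
    logon autostarts in Temp, and AppData/ProgramData are writable without elevation."""
    p = path.lower()
    if "\\temp\\" in p:
        return "temp"
    if "\\appdata\\" in p or "\\programdata\\" in p:
        return "user-writable"
    return "ok"


def userinit_extras(text):
    """Images in the Winlogon Userinit value beyond the one expected userinit.exe."""
    for line in _lines(text):
        m = USERINIT.match(line)
        if m:
            parts = [p.strip() for p in m["value"].split(",") if p.strip()]
            return [p for p in parts if not p.lower().endswith("\\system32\\userinit.exe")]
    return []


def enabled_av_products(text):
    """Names of antivirus products DDS reports as enabled."""
    return [m["product"] for m in (AV_ENABLED.match(l) for l in _lines(text)) if m]


def orphaned_entries(text):
    """BHO/toolbar registrations whose DLL is missing ('No File')."""
    return [line for line in _lines(text) if ORPHAN.match(line)]


def triage(text):
    """Collect review items as (kind, detail) tuples; nothing here is a verdict."""
    items = []
    for key, name, path in parse_autoruns(text):
        where = classify_path(path)
        if where != "ok":
            items.append((f"autorun-{where}", f"{key} [{name}] {path}"))
    for extra in userinit_extras(text):
        items.append(("userinit-extra", extra))
    avs = enabled_av_products(text)
    if len(avs) > 1:
        items.append(("multiple-av", ", ".join(avs)))
    for line in orphaned_entries(text):
        items.append(("orphan", line))
    return items


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

Run against the excerpt it reports two enabled antivirus products, the second image appended to Userinit, the two autostarts living under Temp, the one under AppData\Roaming, and the two orphaned registrations. Each item is a pointer to something a helper would ask about or clean up, which is the same reading order the replies in this thread follow; whether an entry is actually malicious still needs the file itself, its signature, or a scan result.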

Re: Trojan.Agent

Post by marlenefoung » July 26th, 2012, 10:13 pm

Hi,
Thank you very much for your time.

I couldn't find Java Auto Updater in my list of programs, so I uninstalled everything else you asked.

Re: Trojan.Agent

Post by marlenefoung » July 26th, 2012, 10:19 pm

I also had a problem uninstalling AVG. I uninstalled it, but when I restarted the computer it was still there, so I re-uninstalled it, and it is still here. What do I do?

Re: Trojan.Agent

Post by askey127 » July 27th, 2012, 8:06 am

marlenefoung,
Download the AVG Removal tool from the link below and save it to your desktop.
http://download.avg.com/filedir/util/su ... 1_1322.exe

Right click it, choose "run as administrator".
Should work OK. Then reboot the machine. Let me know when it's complete.

askey127

Re: Trojan.Agent

Post by marlenefoung » July 27th, 2012, 7:10 pm

Hi askey127,
I completed the removal of AVG. Do I continue with your instructions from the beginning?

Re: Trojan.Agent

Post by askey127 » July 27th, 2012, 8:23 pm

marlene,
Please complete the removal of the other programs as instructed, then proceed with installing the Java runtime and downloading/scanning with OTL per the instructions above.

askey127

Re: Trojan.Agent

Post by marlenefoung » July 28th, 2012, 9:43 am

OTL:

OTL logfile created on: 28/07/2012 9:13:03 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Foung-Yang Family\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 55.20% Memory free
8.15 Gb Paging File | 6.25 Gb Available in Paging File | 76.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.86 Gb Total Space | 267.30 Gb Free Space | 59.03% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 2.33 Gb Free Space | 18.09% Space Free | Partition Type: NTFS

Computer Name: FOUNG-YANG-PC | User Name: Foung-Yang Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/28 09:10:27 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Foung-Yang Family\Desktop\OTL.exe
PRC - [2012/07/26 22:44:23 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/03 15:08:25 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/02/24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/30 18:31:58 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008/06/11 03:51:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/22 10:56:56 | 001,888,520 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2011/12/22 10:56:46 | 003,291,912 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/26 23:44:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/25 00:27:35 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/11 03:51:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/06/29 18:54:16 | 000,073,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/23 07:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/06 15:04:14 | 000,140,816 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2011/10/25 23:50:49 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/09/28 07:52:50 | 000,080,400 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PDFsFilter.sys -- (PDFSFilter)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/02/26 19:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/20 07:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/04 21:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2006/11/16 18:26:44 | 000,019,248 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{70A85AB8-176F-4660-9502-ED960C42BC09}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE:64bit: - HKLM\..\SearchScopes\{7BCF998C-4964-4A74-8D9C-1872324F5DD3}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&com ... 0ee7%7d&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{70A85AB8-176F-4660-9502-ED960C42BC09}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{7BCF998C-4964-4A74-8D9C-1872324F5DD3}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&com ... 0ee7%7d&q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{70A85AB8-176F-4660-9502-ED960C42BC09}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =723823&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&com ... 0ee7%7d&q={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{70A85AB8-176F-4660-9502-ED960C42BC09}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =723823&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/default.aspx?lang=en-ca
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/default.aspx?lang=en-ca
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&com ... 0ee7%7d&q={searchTerms}
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\SearchScopes\{70A85AB8-176F-4660-9502-ED960C42BC09}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =723823&p={searchTerms}
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\SearchScopes\{7BCF998C-4964-4A74-8D9C-1872324F5DD3}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={AA1FF530-7F29-41B3-B20C-EAB159E3F8B1}&mid=506b1621efd647d094f5d16a12e2e714-0dbb7f5879eb81d2c1a1a5451a2c10b307f49a34&lang=en&ds=AVG&pr=pr&d=2012-06-19 01:03:06&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\SearchScopes\{B453B70D-EAF8-4023-A2CC-2220CA6CA748}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\SearchScopes\{D6F61E1F-12FB-40CD-9AEF-1682EBDF0BB0}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/30 01:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/30 18:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/20 00:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 15:48:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2012/03/07 01:16:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Foung-Yang Family\AppData\Roaming\IDM\idmmzcc5 [2012/05/06 23:31:53 | 000,000,000 | ---D | M]

[2010/01/21 00:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Foung-Yang Family\AppData\Roaming\Mozilla\Extensions
[2010/01/21 00:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Foung-Yang Family\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

Hosts file not found
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\OpenSubtitlesPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1155.2\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\SysWow64\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000..\Run: [ClockPro] C:\Users\FOUNG-~1\AppData\Local\Temp\ClockPro.exe File not found
O4 - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000..\Run: [ClockWorks] C:\Users\FOUNG-~1\AppData\Local\Temp\ClockWorks.exe File not found
O4 - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000..\Run: [Skype] C:\Users\Foung-Yang Family\AppData\Roaming\skype\skyrpe.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly File not found
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 61703 = C:\PROGRA~3\LOCALS~1\Temp\mstvfixe.cmd
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm File not found
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm File not found
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm File not found
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm File not found
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm File not found
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm File not found
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E145C617-85A0-405F-8197-5C915BD78D48}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\21.0.1155.2\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Foung-Yang Family\AppData\Roaming\Google\Google Update.exe) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Foung-Yang Family\Pictures\Hyomin-park-sun-young-24983157-684-1110.jpg
O24 - Desktop BackupWallPaper: C:\Users\Foung-Yang Family\Pictures\Hyomin-park-sun-young-24983157-684-1110.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2615d1b0-134b-11de-abfd-002354060ee7}\Shell\AutoRun\command - "" = .\Docs\print.exe
O33 - MountPoints2\{2615d1b0-134b-11de-abfd-002354060ee7}\Shell\explore\command - "" = .\\\\Docs/print.exe
O33 - MountPoints2\{2615d1b0-134b-11de-abfd-002354060ee7}\Shell\open\command - "" = Docs////print.exe
O33 - MountPoints2\{609868aa-8724-11e0-8a29-002354060ee7}\Shell - "" = AutoRun
O33 - MountPoints2\{609868aa-8724-11e0-8a29-002354060ee7}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{aec475cb-de76-11dd-b05a-002354060ee7}\Shell\AutoRun\command - "" = F:\CMD.EXE
O33 - MountPoints2\{e4b83a8b-0c5f-11e0-b70a-002354060ee7}\Shell - "" = AutoRun
O33 - MountPoints2\{e4b83a8b-0c5f-11e0-b70a-002354060ee7}\Shell\AutoRun\command - "" = G:\PcOptions.exe
O33 - MountPoints2\{ea3bfb32-7077-11de-a205-002354060ee7}\Shell\AutoRun\command - "" = .\Docs\print.exe
O33 - MountPoints2\{ea3bfb32-7077-11de-a205-002354060ee7}\Shell\explore\command - "" = .\\\\Docs/print.exe
O33 - MountPoints2\{ea3bfb32-7077-11de-a205-002354060ee7}\Shell\open\command - "" = Docs////print.exe
O33 - MountPoints2\{ea548fa4-1c78-11de-8060-002354060ee7}\Shell\AutoRun\command - "" = .\Docs\print.exe
O33 - MountPoints2\{ea548fa4-1c78-11de-8060-002354060ee7}\Shell\explore\command - "" = .\\\\Docs/print.exe
O33 - MountPoints2\{ea548fa4-1c78-11de-8060-002354060ee7}\Shell\open\command - "" = Docs////print.exe
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 09:11:39 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/28 09:11:39 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/28 09:11:39 | 000,268,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/28 09:10:59 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/28 09:10:59 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/28 09:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/28 09:10:25 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Foung-Yang Family\Desktop\OTL.exe
[2012/07/27 18:58:11 | 000,000,000 | ---D | C] -- C:\Users\Foung-Yang Family\AppData\Roaming\AVG2012
[2012/07/20 00:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/11 00:02:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 00:02:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 00:02:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 00:02:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 00:02:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 00:02:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 00:02:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 00:02:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 00:02:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 00:02:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 00:02:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 00:02:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 00:02:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/10 16:57:11 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/07 11:42:51 | 000,000,000 | ---D | C] -- C:\Users\Foung-Yang Family\Desktop\Day By Day [Mini Album]
[2012/06/06 21:04:12 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Foung-Yang Family\AppData\Roaming\Q8RNYZBCTS.exe
[2012/06/05 12:22:06 | 000,068,096 | ---- | C] (Open Source Software community LGPL) -- C:\Users\Foung-Yang Family\AppData\Roaming\pthreadGC2-w32.dll
[2012/06/05 12:22:06 | 000,068,096 | ---- | C] (Open Source Software community LGPL) -- C:\Users\Foung-Yang Family\AppData\Roaming\pthreadGC2.dll
[2012/06/05 12:22:05 | 000,177,207 | ---- | C] (libusbx.org) -- C:\Users\Foung-Yang Family\AppData\Roaming\libusb-1.0.dll
[2012/06/05 12:22:05 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Users\Foung-Yang Family\AppData\Roaming\OpenCL.dll
[2012/06/05 12:22:01 | 000,336,896 | ---- | C] (Ufasoft) -- C:\Users\Foung-Yang Family\AppData\Roaming\usft_ext.dll
[2012/06/04 12:53:57 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Foung-Yang Family\AppData\Roaming\NILSLTHTHH.exe
[2010/05/10 01:40:18 | 001,830,536 | ---- | C] (IObit ) -- C:\Program Files (x86)\defragsetup.exe
[2010/05/08 19:47:08 | 000,562,864 | ---- | C] (Google Inc.) -- C:\Program Files (x86)\GoogleEarthPluginSetup.exe
[2009/04/25 16:09:41 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\WLinstaller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/28 09:10:42 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/28 09:10:41 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/28 09:10:41 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/28 09:10:41 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/28 09:10:41 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/28 09:10:27 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Foung-Yang Family\Desktop\OTL.exe
[2012/07/28 09:05:15 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/07/28 09:05:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/28 09:05:04 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 09:05:04 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 09:04:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/28 09:04:46 | 4284,719,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 08:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/28 08:43:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/27 19:05:23 | 000,000,114 | ---- | M] () -- C:\Users\Foung-Yang Family\updateall.cfg
[2012/07/26 23:44:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/26 23:44:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/26 21:31:59 | 000,000,054 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/07/26 21:31:59 | 000,000,039 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/07/25 21:34:47 | 000,046,080 | ---- | M] () -- C:\Users\Foung-Yang Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/25 21:25:17 | 000,717,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/25 21:25:17 | 000,618,356 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/25 21:25:17 | 000,112,506 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/21 21:59:39 | 000,004,653 | ---- | M] () -- C:\Users\Foung-Yang Family\Documents\Attach.zip
[2012/07/21 21:46:48 | 000,014,740 | ---- | M] () -- C:\Users\Foung-Yang Family\Documents\default.htm
[2012/07/17 18:07:38 | 000,000,680 | ---- | M] () -- C:\Users\Foung-Yang Family\AppData\Local\d3d9caps.dat
[2012/07/16 17:10:49 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 22:01:39 | 000,424,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/28 20:21:02 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/27 19:05:23 | 000,000,114 | ---- | C] () -- C:\Users\Foung-Yang Family\updateall.cfg
[2012/07/21 21:59:39 | 000,004,653 | ---- | C] () -- C:\Users\Foung-Yang Family\Documents\Attach.zip
[2012/07/21 21:46:48 | 000,014,740 | ---- | C] () -- C:\Users\Foung-Yang Family\Documents\default.htm
[2012/07/21 16:18:34 | 4284,719,104 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/19 13:14:00 | 000,034,764 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Local\dt.dat
[2012/06/05 18:14:13 | 000,000,680 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Local\d3d9caps.dat
[2012/06/05 17:02:30 | 000,000,000 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Roaming\ZFCXHJ5AJGMVYFgvberqwjiyQ.exe
[2012/06/05 16:52:04 | 000,000,000 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Roaming\74HH0RQLEPVYFgvberqwjiyQ.exe
[2012/06/05 12:22:06 | 000,044,730 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Roaming\poclbm120327.cl
[2012/06/05 12:22:05 | 000,013,648 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Roaming\phatk120223.cl
[2012/06/05 12:22:04 | 000,249,344 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Roaming\libcurl-4.dll
[2012/06/05 10:21:52 | 000,000,000 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Roaming\6738CMGPKAPBXZsvdll32.exe
[2012/06/05 02:26:05 | 000,000,299 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Roaming\YEFBw
[2012/06/02 19:30:24 | 000,000,996 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Roaming\DAVID
[2012/06/02 19:03:04 | 000,001,444 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Roaming\data.bin
[2011/07/22 10:20:19 | 000,000,711 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Roaming\burnaware.ini
[2011/06/28 12:17:14 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/18 10:09:42 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/18 10:09:42 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011/05/02 23:27:47 | 023,819,180 | ---- | C] () -- C:\Users\Foung-Yang Family\Hotmail.zip
[2011/03/24 20:22:25 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/03/24 20:22:25 | 000,000,039 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/05/12 19:51:52 | 506,746,066 | ---- | C] () -- C:\Program Files (x86)\MoMoLove-01(Digital)_1.rmvb.dap
[2010/05/12 19:50:47 | 387,638,194 | ---- | C] () -- C:\Program Files (x86)\MoMoLove-02(Digital).rmvb.dap
[2010/05/12 19:49:49 | 506,746,066 | ---- | C] () -- C:\Program Files (x86)\MoMoLove-01(Digital).rmvb.dap
[2010/05/08 19:52:39 | 262,360,330 | ---- | C] () -- C:\Program Files (x86)\[SUBlimes]Corner With Love - 16.mp4.dap
[2008/12/28 19:37:10 | 000,046,080 | ---- | C] () -- C:\Users\Foung-Yang Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/01/12 18:46:10 | 000,000,000 | -HSD | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\.#
[2012/06/19 11:31:31 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\6 5
[2012/06/05 21:55:58 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\7 8
[2009/01/25 16:36:01 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\agi
[2010/10/28 00:58:41 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\Akre
[2010/06/19 08:04:14 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\AnvSoft
[2010/11/16 00:30:47 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\Ashampoo
[2012/07/27 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\AVG2012
[2009/01/31 15:54:24 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\Canneverbe_Limited
[2009/03/20 17:47:42 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\COWON
[2012/06/04 18:13:43 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\dclogs
[2009/10/31 02:57:15 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\Desktopicon
[2011/02/08 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\DisplayTune
[2012/07/27 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\DMCache
[2010/10/13 00:23:46 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\Edniv
[2010/11/16 22:32:26 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\FreeBurner
[2010/08/21 16:48:43 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\GenieSoft
[2012/06/06 22:02:34 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\Graboid Inc
[2012/07/10 20:59:09 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\IDM
[2012/03/07 01:13:43 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\IObit
[2010/04/11 19:44:31 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\Leawo
[2009/05/20 12:28:09 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\Opera
[2009/05/16 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\PlayFirst
[2010/03/16 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\Red Kawa
[2012/06/05 21:55:58 | 000,000,000 | -H-D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\Security
[2012/07/26 01:23:45 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\SPlayer
[2012/06/05 17:05:52 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\System
[2012/06/05 18:29:19 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\TestApp
[2011/10/25 23:54:32 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\TrueCrypt
[2009/07/24 23:38:27 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\uTorrent
[2009/01/03 11:30:10 | 000,000,000 | ---D | M] -- C:\Users\Foung-Yang Family\AppData\Roaming\WildTangent
[2012/06/28 20:21:02 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/07/28 09:03:40 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/21 02:42:55 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2009/09/08 23:09:46 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DE20CE39-03A7-47DC-A152-17401C11DF57}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/04/15 02:06:19 | 000,011,835 | ---- | M] ()(C:\Users\Foung-Yang Family\Documents\?????????????.docx) -- C:\Users\Foung-Yang Family\Documents\我認為每個人的記憶像遊樂場.docx
[2011/04/15 02:06:19 | 000,011,835 | ---- | C] ()(C:\Users\Foung-Yang Family\Documents\?????????????.docx) -- C:\Users\Foung-Yang Family\Documents\我認為每個人的記憶像遊樂場.docx
[2011/04/15 02:03:40 | 000,026,624 | ---- | M] ()(C:\Users\Foung-Yang Family\Documents\2C???-???????.doc) -- C:\Users\Foung-Yang Family\Documents\2C湯秀娥-記一件難忘的事.doc
[2011/04/15 02:03:40 | 000,026,624 | ---- | C] ()(C:\Users\Foung-Yang Family\Documents\2C???-???????.doc) -- C:\Users\Foung-Yang Family\Documents\2C湯秀娥-記一件難忘的事.doc
[2011/04/15 02:03:28 | 000,016,957 | ---- | M] ()(C:\Users\Foung-Yang Family\Documents\????.docx) -- C:\Users\Foung-Yang Family\Documents\在生活中.docx
[2011/04/15 02:03:28 | 000,016,957 | ---- | C] ()(C:\Users\Foung-Yang Family\Documents\????.docx) -- C:\Users\Foung-Yang Family\Documents\在生活中.docx
[2011/04/15 02:03:23 | 000,015,709 | ---- | M] ()(C:\Users\Foung-Yang Family\Documents\?????????????????.docx) -- C:\Users\Foung-Yang Family\Documents\在我的生活中曾經發生許許多多的事情.docx
[2011/04/15 02:03:23 | 000,015,709 | ---- | C] ()(C:\Users\Foung-Yang Family\Documents\?????????????????.docx) -- C:\Users\Foung-Yang Family\Documents\在我的生活中曾經發生許許多多的事情.docx
[2010/01/09 16:02:32 | 000,027,169 | ---- | M] ()(C:\Users\Foung-Yang Family\Documents\???????.docx) -- C:\Users\Foung-Yang Family\Documents\在人的一生當中.docx
[2010/01/09 16:02:32 | 000,027,169 | ---- | C] ()(C:\Users\Foung-Yang Family\Documents\???????.docx) -- C:\Users\Foung-Yang Family\Documents\在人的一生當中.docx
[2010/01/09 02:34:47 | 000,013,395 | ---- | M] ()(C:\Users\Foung-Yang Family\Documents\???.docx) -- C:\Users\Foung-Yang Family\Documents\前几天.docx
[2010/01/09 02:34:47 | 000,013,395 | ---- | C] ()(C:\Users\Foung-Yang Family\Documents\???.docx) -- C:\Users\Foung-Yang Family\Documents\前几天.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
-----------------------------------------------


Extras:

OTL Extras logfile created on: 28/07/2012 9:13:03 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Foung-Yang Family\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 55.20% Memory free
8.15 Gb Paging File | 6.25 Gb Available in Paging File | 76.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.86 Gb Total Space | 267.30 Gb Free Space | 59.03% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 2.33 Gb Free Space | 18.09% Space Free | Partition Type: NTFS

Computer Name: FOUNG-YANG-PC | User Name: Foung-Yang Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 5A D0 BF F4 77 F8 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3311650200-3552668205-1632925358-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Foung-Yang Family\AppData\Roaming\Q8RNYZBCTS.exe" = C:\Users\Foung-Yang Family\AppData\Roaming\Q8RNYZBCTS.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Foung-Yang Family\AppData\Roaming\NILSLTHTHH.exe" = C:\Users\Foung-Yang Family\AppData\Roaming\NILSLTHTHH.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Users\Foung-Yang Family\AppData\Roaming\Q8RNYZBCTS.exe" = C:\Users\Foung-Yang Family\AppData\Roaming\Q8RNYZBCTS.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Foung-Yang Family\AppData\Roaming\NILSLTHTHH.exe" = C:\Users\Foung-Yang Family\AppData\Roaming\NILSLTHTHH.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E32E116-2735-479C-BC81-C06B673F8152}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1FCA6B89-A946-4DBE-8EF6-C1729EFE24D9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2EA8373D-3CCA-4D60-9646-B4C102023283}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{338A4B67-760C-48B6-8CC6-EC11F7439D12}" = lport=139 | protocol=6 | dir=in | app=system |
"{34DBA224-5911-4BE2-869D-6B3A4CE8F529}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3631E397-B552-4F44-BEC9-2544DA66C39B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3AAC3C59-15B5-42F6-A27C-AD8DA583D352}" = lport=2869 | protocol=6 | dir=in | app=system |
"{425423B7-2E08-4241-AC3D-8D540C9F628D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4436A174-464E-4FC0-93C9-734B70F89F74}" = lport=9265 | protocol=6 | dir=in | name=bitcomet 9265 tcp |
"{5C0EAEC5-4C64-4608-8E71-E9225FA86167}" = rport=445 | protocol=6 | dir=out | app=system |
"{5CCFF424-AC4E-4740-A40F-6C7498F0CC9E}" = rport=137 | protocol=17 | dir=out | app=system |
"{63A3440A-569E-44E1-A407-69DE51F54B51}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6626DFFA-B9EE-4F3B-8F3B-B2E335D3646A}" = rport=138 | protocol=17 | dir=out | app=system |
"{68C71837-CA45-4858-9799-DDA275D09C85}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{6B8D04EA-F70E-462E-9237-0593D3BA94E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C895742-0658-4638-9A44-23969CBB25AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87159E2E-39A1-45D4-8280-805B8017CF02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{88B1CBD4-BF3D-48F1-A2D1-71310EB3698C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C33E9F7-D93A-42AB-9FA2-E8F18C34EF28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8D9C5ED4-3E89-420E-A1BB-F1D3EDCD7B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A7E61602-7E13-4E41-B32B-AA13CE825B1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ADCED681-8AB8-4CAD-8150-CC41D98BD442}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C007B283-7F3D-4FC1-8330-38C917AD7BD2}" = lport=9265 | protocol=17 | dir=in | name=bitcomet 9265 udp |
"{C07DC730-0E5F-4EDC-B01D-5E4C64B717C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C152F229-E9BC-4CDC-99B0-AF61DAA08E84}" = lport=137 | protocol=17 | dir=in | app=system |
"{C42C8AC8-FE30-4102-A0D1-5AB82CBCB2F0}" = lport=138 | protocol=17 | dir=in | app=system |
"{C8B0D3EC-60E4-4AB2-98A8-C28ECB94AA3F}" = lport=445 | protocol=6 | dir=in | app=system |
"{CAB9B298-CE53-4601-9BFD-855B7A9B5DCF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CACF0E37-3BB1-4C56-8BA7-32376D73D2A2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D9F8D992-0A51-429C-804E-988A6C1FEEE4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD86EB07-1236-4D7E-9388-CE1CC0EF33E7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E288FB95-87FB-49B2-A005-B72FC1100FA8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E640BDE7-658D-4AE9-A792-298C44A614F8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EC9DF7AC-0FE6-4E67-B017-EF71736BF042}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D9EEC7-623E-4366-8903-76906867F502}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0EE5516B-F002-4DF1-AF4C-1F3CE73B913B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{1082562E-93A5-4326-837B-387670639970}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1117C258-31C0-4E09-B203-B750581602CB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{12B9E6EB-B57E-4F24-8E58-7BB1761D2457}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1597E3E9-FD40-482F-A02D-430E0193DE3D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{18BF9689-5CA7-4CBB-9278-902D766F8D8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1C1E44AA-D4BE-42EC-9F02-776C5B2CC97D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FE72BA2-8A1B-4A72-AB61-DDEBF6E0C21D}" = protocol=6 | dir=out | app=system |
"{21196F7F-7DEC-4E10-A0DA-E8617EDDECB6}" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"{21833C17-84E9-4DE5-8E9A-4ADB1F64F41C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{22299619-72B5-4D51-8DF2-410DA234D174}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{29F50BBB-DB6D-49FE-80CF-09BCE573A806}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{326D50B0-9C70-4D71-B29D-8026F89D4F25}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38474B91-2F4C-4418-8628-EDB433303831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40215346-A52A-4910-BA16-A6395CF41ED8}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{43E61D2B-F832-45BD-8DE9-5F45474726B9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{45B84766-BB75-47CE-B7CA-AAA99095FB8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{460730FA-6370-4639-B335-FF05FD11220A}" = protocol=6 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{4C00708B-40E1-4397-8123-62C45B80C6DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4F0A8DC2-38B9-40A9-8142-316C27D085E6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4FFD0CA2-E61E-499F-A814-607193E7FEEF}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{50A37A28-D277-4465-A92D-644786E9FC4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{53A905AB-4977-4D6E-8E43-97CCB574E31A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{557A53B3-BB96-4D1E-BE03-99C8F0AD981C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5BAC18D3-A2F2-4B43-A8DA-058A89049B19}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5EB3036E-04E3-4BF0-9D19-B3AB381E6542}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{60FC73EF-563C-4593-8767-EDECF2FB0223}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{61A4C81E-A19A-4B60-815D-7ABDF13DE8D9}" = protocol=17 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{6389D62F-F7DD-4C6F-944F-C583188DE4F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65A25D2A-872B-4579-81A9-FD2A658AD671}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74CAC31D-E47A-430A-A5E3-200A98B99019}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7C3662EB-330E-4C1D-B397-868D88047DCE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{826CA2DC-9CAA-4349-B827-478A25AE4E57}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{8283214D-2909-44A1-B33E-B9E2CBCCDB82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{82B1D85E-CC98-44D0-ACC1-7E42C3A95139}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{86A1B34C-8AEA-48AE-9D20-B03E1484FA4E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8DD00AE3-B5D1-4E78-901F-0709431095EE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E5C46CC-1759-4A84-A354-868D46191DC4}" = protocol=17 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{9F0CEA16-F469-49C0-8E39-EFB500399614}" = protocol=6 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{A003F1F8-EEBF-42B7-97ED-349ABDAC0BEF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A39E2417-39A3-4FC1-AC38-F3D553015C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{AB1FA717-8472-4A0B-BF78-A87893882B1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ABA7EC99-80EB-4876-828F-22C65B5008D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ABBF1682-7D4A-4F12-86D5-F4DE646C53BB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B23D1E3C-A151-425E-A16B-F25B609DF170}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B343E3E6-F69C-4A89-9006-87EABAFA00A4}" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"{B80A92C4-07C5-4F55-A3D9-E49C44E5D048}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{BF0BA2B1-3C19-4AE6-B610-C6C51383B259}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4CE9A62-86BF-4180-A530-42AE4F3EAA59}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{C5F098D5-EC59-4070-9196-7E229AF8F5E6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C91135DE-9944-4D42-9AF1-F850E7053669}" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"{C96D5BCF-C9FB-49B6-9ABB-EEA9E0FE916A}" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"{CA156E71-0588-43FD-A85F-23384E6C774C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCD6B275-78D6-49B3-B24C-6F7D00507FD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CDA6D151-738D-4470-88E8-D03CC6C8B878}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{CDB38E73-1FA3-45B7-8F08-44C9FBADB67D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E4FD9EEF-C7E8-481E-BAB5-4268A250C04D}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{E6EB3D08-0ACE-43A7-ADFE-AF99903DD4E0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{ED9A385A-DB83-4A2E-8E42-419EF4D8F0CE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F0F663F4-5C45-41CE-B29C-0B29D7CCA837}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F236DB51-BF09-4BE2-BB52-CEBA4C97841B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F4949FBA-7F07-4435-A9BE-829A0B3ED4AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F85E1DEF-AB01-4E18-81DE-8663E18870A9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F89F7CCA-F642-42C4-9F3D-A770F1E50AB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBE4AB01-ADDA-4E92-9910-3AB576652E91}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FD8E7420-7E90-401A-B31A-E1FA214EA108}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{1AB25DEC-171B-44BD-BC9E-4265DF4F8B14}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{40169E22-9CB9-4063-90DC-80EF68A463C2}C:\program files (x86)\steam\steamapps\clem_97\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\clem_97\team fortress 2\hl2.exe |
"TCP Query User{4877A136-2571-4C70-9963-EA55EC6C1864}C:\program files (x86)\steam\steamapps\cf_97\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cf_97\team fortress 2\hl2.exe |
"TCP Query User{8838D26D-84BD-414E-AC31-248CA17308D4}C:\program files (x86)\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dap\dap.exe |
"TCP Query User{905AC8B3-E3FB-494B-A3D9-BC6A831DE0C6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{296791F7-0F88-4169-9650-1D7B2E7DAA67}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"UDP Query User{384CFD80-688D-42F4-AAB9-111FE2AB10A7}C:\program files (x86)\steam\steamapps\cf_97\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cf_97\team fortress 2\hl2.exe |
"UDP Query User{7E5B7C1F-2A98-497D-9E6C-D3F014A049BF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{AF7ECF68-375D-45D3-9BC5-A6363FE9F6E0}C:\program files (x86)\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dap\dap.exe |
"UDP Query User{B5B709B2-8F8F-442C-BAC3-69E54ADFE30E}C:\program files (x86)\steam\steamapps\clem_97\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\clem_97\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD310764-B3E5-430F-980E-D6C0016B2660}" = PerfectDisk 12.5 Server
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Any Video Converter_is1" = Any Video Converter 3.0.1
"AviSynth" = AviSynth 2.5
"Combat Arms" = Combat Arms
"DirectVobSub" = DirectVobSub (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome Frame" = Google Chrome Frame
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"New app2009" = New app2009
"OpenSubtitlesPlayer_is1" = OpenSubtitlesPlayer V4.X
"Opera 11.61.1250" = Opera 11.61
"Overture 4 Demo" = Overture 4 Demo
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"RealPlayer 15.0" = RealPlayer
"SPlayer" = SPlayer
"ST6UNST #1" = AutoReussite
"TrueCrypt" = TrueCrypt
"Video to iPod Converter" = Video to iPod Converter
"Videora iPod Converter" = Videora iPod Converter 5.04
"Videora iPod touch Converter" = Videora iPod touch Converter 5.04
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3311650200-3552668205-1632925358-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27/07/2012 7:04:38 PM | Computer Name = Foung-Yang-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/07/2012 7:05:37 PM | Computer Name = Foung-Yang-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: Class not registered .

Error - 27/07/2012 7:06:03 PM | Computer Name = Foung-Yang-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: Class not registered .

Error - 27/07/2012 7:10:19 PM | Computer Name = Foung-Yang-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: Class not registered .

Error - 28/07/2012 9:01:59 AM | Computer Name = Foung-Yang-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: Class not registered .

Error - 28/07/2012 9:02:00 AM | Computer Name = Foung-Yang-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: Class not registered .

Error - 28/07/2012 9:06:15 AM | Computer Name = Foung-Yang-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/07/2012 9:08:00 AM | Computer Name = Foung-Yang-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: Class not registered .

Error - 28/07/2012 9:08:01 AM | Computer Name = Foung-Yang-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: Class not registered .

Error - 28/07/2012 9:11:52 AM | Computer Name = Foung-Yang-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: Class not registered .

Error - 28/07/2012 9:21:17 AM | Computer Name = Foung-Yang-PC | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: Class not registered .

[ Media Center Events ]
Error - 09/06/2009 4:01:20 PM | Computer Name = Foung-Yang-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 07/09/2010 12:29:02 AM | Computer Name = Foung-Yang-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 22/06/2009 10:15:10 PM | Computer Name = Foung-Yang-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/07/2009 5:22:21 PM | Computer Name = Foung-Yang-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09/03/2010 11:48:24 PM | Computer Name = Foung-Yang-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/04/2010 7:41:07 PM | Computer Name = Foung-Yang-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 19764 seconds with 360 seconds of active time. This session ended with a
crash.

Error - 28/10/2010 12:42:35 AM | Computer Name = Foung-Yang-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/10/2010 12:46:07 AM | Computer Name = Foung-Yang-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/10/2010 12:55:58 AM | Computer Name = Foung-Yang-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27/07/2012 12:22:08 AM | Computer Name = Foung-Yang-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
TIFFANY-ASUS that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E145C617-85A0-405F-8197-5C915BD78D48}. The master browser is stopping
or an election is being forced.

Error - 27/07/2012 12:46:10 AM | Computer Name = Foung-Yang-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
TIFFANY-ASUS that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E145C617-85A0-405F-8197-5C915BD78D48}. The master browser is stopping
or an election is being forced.

Error - 27/07/2012 7:02:48 PM | Computer Name = Foung-Yang-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 27/07/2012 7:02:53 PM | Computer Name = Foung-Yang-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 27/07/2012 7:04:39 PM | Computer Name = Foung-Yang-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 27/07/2012 7:06:51 PM | Computer Name = Foung-Yang-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 28/07/2012 9:04:21 AM | Computer Name = Foung-Yang-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 28/07/2012 9:04:27 AM | Computer Name = Foung-Yang-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 28/07/2012 9:06:16 AM | Computer Name = Foung-Yang-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 28/07/2012 9:08:32 AM | Computer Name = Foung-Yang-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >
marlenefoung
Active Member
 
Posts: 12
Joined: July 21st, 2012, 9:43 pm

Re: Trojan.Agent

Unread postby askey127 » July 28th, 2012, 4:36 pm

marlenefoung,
Can you tell me where you got the Enterprise version of Microsoft Office?
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Hardware Diagnostic Tools
PC-Doctor for Windows

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{7BCF998C-4964-4A74-8D9C-1872324F5DD3}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
    IE - HKLM\..\SearchScopes\{7BCF998C-4964-4A74-8D9C-1872324F5DD3}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
    IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\..\SearchScopes\{7BCF998C-4964-4A74-8D9C-1872324F5DD3}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
    IE - HKU\S-1-5-21-3311650200-3552668205-1632925358-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual File not found
    O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual File not found
    O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly File not found
    O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly File not found
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9AB338B9
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{40215346-A52A-4910-BA16-A6395CF41ED8}" =-
    "{5EB3036E-04E3-4BF0-9D19-B3AB381E6542}" =-
    "UDP Query User{AF7ECF68-375D-45D3-9BC5-A6363FE9F6E0}C:\program files (x86)\dap\dap.exe" =-
    
    :Files
    C:\Program Files (x86)\defragsetup.exe
    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Users\Foung-Yang Family\AppData\Roaming\IObit
    C:\Users\Foung-Yang Family\AppData\Roaming\uTorrent
    C:\Windows\Tasks\SmartDefrag.job
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So we are looking for:
- answer to the question about Office
- latest contents of OTL.txt

If you see any report of a Trojan Agent again, please note down the exact trojan name and/or filename, if it's given.
Thanks,
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
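
As an added example (not part of askey127's post and not OTL's own code), here is a Python dry-run parser for the fix-script format used above: it splits the script into its :Commands, :OTL, :Reg and :Files sections and lists what each line would change, so the owner can review a fix before pressing Run Fix. The sample is a constructed excerpt of the script in this post; the section names and the `"name" =-` (delete value) and ` /c` (run command) conventions are taken from it, the "moved by OTL" wording is my reading of the OTL log further down the thread, and only the line forms that appear in this script are handled.

```python
"""Dry-run review of an OTL custom-fix script (added example, not OTL's code)."""
import re
from collections import defaultdict

# Constructed excerpt of the fix script posted in this thread.
SAMPLE_FIX = r"""
:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual File not found
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{40215346-A52A-4910-BA16-A6395CF41ED8}" =-
"UDP Query User{AF7ECF68-375D-45D3-9BC5-A6363FE9F6E0}C:\program files (x86)\dap\dap.exe" =-

:Files
C:\Program Files (x86)\defragsetup.exe
C:\Users\Foung-Yang Family\AppData\Roaming\uTorrent
ipconfig /flushdns /c

:Commands
[PURITY]
[EMPTYTEMP]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")                  # ":Reg", ":Files", ...
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                   # [HKEY_...\Key]
REG_DEL_RE = re.compile(r'^"(.+)"\s*=-$')                # "value name" =-  deletes the value
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
O4_RE = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+?)(?: File not found)?$")


def parse_fix(script):
    """Split a fix script into sections and classify every non-blank line."""
    plan = defaultdict(list)
    section = None   # current section name, lower-cased
    reg_key = None   # registry key that later "name" =- lines belong to
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            reg_key = None
            continue
        if section is None:
            raise ValueError("line outside any section: " + line)
        if section == "commands":
            plan["commands"].append(line.strip("[]").upper())
        elif section == "reg":
            key_m, del_m = REG_KEY_RE.match(line), REG_DEL_RE.match(line)
            if key_m:
                reg_key = key_m.group(1)
            elif del_m and reg_key:
                plan["reg_delete"].append((reg_key, del_m.group(1)))
            else:
                plan["unrecognised"].append((section, line))
        elif section == "files":
            if line.lower().endswith(" /c"):       # trailing /c runs the line as a command
                plan["run_command"].append(line[:-3].rstrip())
            else:
                plan["remove_path"].append(line)
        elif section == "otl":
            ads_m, o4_m = ADS_RE.match(line), O4_RE.match(line)
            if ads_m:
                plan["remove_ads"].append((int(ads_m.group(1)), ads_m.group(2)))
            elif o4_m:
                plan["remove_autorun"].append((o4_m.group(1), o4_m.group(2), o4_m.group(3)))
            else:
                plan["otl_other"].append(line)     # IE/O2 lines etc. are listed, not interpreted
        else:
            plan["unrecognised"].append((section, line))
    return dict(plan)


def describe(plan):
    """Render the plan as one review line per action, registry and files first."""
    out = []
    for key, name in plan.get("reg_delete", []):
        out.append(f"delete registry value {name!r} under {key}")
    for path in plan.get("remove_path", []):
        out.append(f"remove (moved by OTL) file or folder: {path}")
    for size, stream in plan.get("remove_ads", []):
        out.append(f"remove {size}-byte alternate data stream {stream}")
    for hive, name, cmd in plan.get("remove_autorun", []):
        out.append(f"remove autorun entry {name!r} from {hive} ({cmd})")
    for cmd in plan.get("run_command", []):
        out.append(f"run command: {cmd}")
    for cmd in plan.get("commands", []):
        out.append(f"OTL built-in command: {cmd}")
    for line in plan.get("otl_other", []):
        out.append(f"other OTL line (review manually): {line}")
    return out


if __name__ == "__main__":
    for action in describe(parse_fix(SAMPLE_FIX)):
        print(action)
```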

Re: Trojan.Agent

Unread postby marlenefoung » July 29th, 2012, 10:55 am

Hi,
I'm not sure where I got the Microsoft Office since I got it installed by an acquaintance. Is there any problem with it?

OTL:
Files\Folders moved on Reboot...
C:\Users\Foung-Yang Family\AppData\Local\Temp\VGX115E.tmp moved successfully.
C:\Users\Foung-Yang Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M6T4F82W\product[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Foung-Yang Family\AppData\Local\Temp\VGX115E.tmp not found!
File C:\Users\Foung-Yang Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M6T4F82W\product[1].htm not found!

Registry entries deleted on Reboot...
marlenefoung
Active Member
 
Posts: 12
Joined: July 21st, 2012, 9:43 pm

Re: Trojan.Agent

Unread postby askey127 » July 29th, 2012, 11:31 am

marlene,
What you have is an enterprise version of MS Office.
It doesn't matter who installed it.
This version is only supposed to be owned (in quantity) by a business or corporation. Support for it is by contract with Microsoft.
An individual cannot legally own it.
We won't continue to work on machines that have illegal software like that present.

I would suggest you Uninstall MS Office first, and Install LibreOffice, a very similar, free program.
http://www.libreoffice.org/download/
Click on "Main Installer" and save to your desktop.
Click on "Libre Office built-in Help" and save to your desktop.
Right click "Main Installer" on your desktop, and choose "Run as administrator" to Install it.
Right click "Libre Office built-in help" on your desktop, and choose "Run as administrator" to install help.

Let me know whether you decide to do that.
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Trojan.Agent

Unread postby marlenefoung » July 29th, 2012, 8:38 pm

Hi,
I uninstalled it. Thank you for telling me that.
marlenefoung
Active Member
 
Posts: 12
Joined: July 21st, 2012, 9:43 pm

Re: Trojan.Agent

Unread postby askey127 » July 30th, 2012, 7:54 am

Let me know if you still have infection symptoms, or if you need additional help.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Trojan.Agent

Unread postby marlenefoung » July 30th, 2012, 7:16 pm

So the virus is gone now? Can I scan my pc with MBAM?
marlenefoung
Active Member
 
Posts: 12
Joined: July 21st, 2012, 9:43 pm

Re: Trojan.Agent

Unread postby askey127 » July 30th, 2012, 8:46 pm

Go ahead.
Let me know the exact name, if you can, of anything it finds.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA