Author Topic: Computer Hang All of a suddent (Read 2101 times)

zzzim · « **on:** January 10, 2012, 04:02:48 AM »

Hi there.

Today my computer hang all of a sudden and i restart my computer again.
This whole process repeated for 3 times.

Can you help me and have a look on the logfile as follows?

Thax =)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:58:00 PM, on 10/1/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Thunder Network\Xmp\Program\XMP.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\User\Desktop\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: XlBrowserAddinBho.XlBrowserAddinBhoObject - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.5.64.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (file missing)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: A57CDFD3-A6CA-35CC-F001-C57C13EA7093 Class - {A57CDFD3-A6CA-35CC-F001-C57C13EA7093} - C:\Program Files\StormII\{A57CDFD3-A6CA-35CC-F001-C57C13EA7093}\AddressBar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.EXE" -background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [XMP] "c:\program files\thunder network\xmp\program\XMP.exe" /embedding /sstartfrom Startup
O4 - Startup: Dropbox.lnk = User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÀëÏßÏÂÔØ - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ²é¿´ÍøÒ³È«²¿Í¼Æ¬ - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - Extra 'Tools' menuitem: ²é¿´ÍøÒ³È«²¿Í¼Æ¬ - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor1.0.2.25.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor1.0.2.25.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor1.0.2.25.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\thunder network\netmon\net_monitor1.0.2.25.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA2A7C06-0B16-40F4-8A8D-A55C9FC2FE40}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ANSYS, Inc. License Manager - ANSYS, Inc. - C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager (mitsijm2011) - Unknown owner - C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 13156 bytes

guestolo · « **Reply #1 on:** January 10, 2012, 04:28:29 AM »

Hi again, let's run the following tool:

Download [color="#FF0000"]OTL.exe[/color][/url] by OldTimer to your Desktop.

Right click on OTL.exe and choose to "Run as Administrator"
Ensure 'Use Safelist' is marked under "Extra Registry"
Additionally, tick both "Lop Check" and "Purity Check"
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

zzzim · « **Reply #2 on:** January 11, 2012, 10:04:49 PM »

OTL Extras logfile created on: 12/1/2012 10:58:17 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\User\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

2.97 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.79% Memory free
5.93 Gb Paging File | 4.53 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.99 Gb Total Space | 115.80 Gb Free Space | 40.35% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\SogouExplorer\SogouExplorer.exe" "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\SogouExplorer\SogouExplorer.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)
Directory [PlayList] -- "C:\Program Files\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{08233ADA-AA4C-A977-58FD-DB6C684BE010}" = Catalyst Control Center Localization Norwegian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B4C7D42-323A-F3FD-5B18-0222082E6FDD}" = Catalyst Control Center Localization Dutch
"{0D348034-9CBE-19FC-19B0-B2CDC78E50F1}" = ccc-core-static
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{10B35323-BE1A-61FB-C4D1-E88F24147617}" = Catalyst Control Center Localization Thai
"{11FC2772-F7FD-21FD-614F-CE58BF52C398}" = Catalyst Control Center Localization Chinese Standard
"{12911298-DDB4-AD44-E530-AEB8127503C9}" = CCC Help Italian
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{156E98D0-1AEC-4013-A41A-94A1A01BFD68}" = O2Micro Flash Memory Card Reader Driver (x86)
"{1714616C-61CE-44D5-AF0B-53404D7FA83A}" = Catalyst Control Center Localization Korean
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18625A47-84A9-6F6C-3780-79221B6095C3}" = CCC Help Norwegian
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C3F57C7-8474-DF38-8F9F-0EBFB554FD56}" = Catalyst Control Center Localization Hungarian
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{264324EA-35F7-AD77-CC96-F9F47A9A6284}" = Catalyst Control Center Localization Czech
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A6F930B-12DA-AD4F-C4A4-E008F73A8016}" = CCC Help English
"{2AEC1EC0-0C01-8831-B04F-41FB4A92B677}" = Catalyst Control Center Localization Spanish
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{31326B80-1D01-4DBA-1DCA-A0731182A2E6}" = CCC Help Korean
"{31DD9FF4-23CD-7898-0305-70D806E2F7DB}" = CCC Help Japanese
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AC44A1-81C2-0A61-0EC0-59EFC503A1EA}" = Catalyst Control Center Localization Danish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{374E3A6E-A243-461D-BC0F-8B183A9950C5}" = FET@51
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DFE65B6-3AC9-C44A-1160-A449E0DFFE94}" = CCC Help Greek
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{405AE172-0CE0-E2A1-1693-1B120B71AF32}" = Catalyst Control Center Localization Japanese
"{41773726-92D0-4265-A0F8-DD980CA1AEC4}" = Toshiba Upgrade Assistant for Microsoft Windows 7
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{41EEF558-3585-4020-8DF2-B182A0CE2D69}" = Autodesk Vault 2011 (Client)
"{41EEF558-3585-4028-8DF2-B182A0CE2D69}" = Autodesk Vault 2011 (Client) English Language Pack
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC3B285-BE6C-E873-42A1-AE221B3BE4F2}" = CCC Help Hungarian
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54CAB637-25EA-33FE-2FF4-6F6182BCCF12}" = CCC Help Chinese Standard
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{567AE922-FB8D-943D-921E-B390A2FBD625}" = CCC Help Russian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-9005-0409-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9005-0409-1002-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - English
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5788504C-08BC-E414-C019-60D8E2A2A1EB}" = CCC Help Portuguese
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6864ABC3-A982-436B-BEF1-5652D6303361}" = ESET NOD32 Antivirus
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{6BCE01B8-333E-667E-0FC9-5070EA9B8108}" = Catalyst Control Center Localization Swedish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{6EA4F33E-8F12-AB92-D497-2D454E3C4BB7}" = CCC Help Polish
"{6FB6D968-6E8D-3FCB-1F2D-7ED24FC1BA07}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F89FF7-C913-4A99-B4D9-C05BAA20790B}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7206AFB8-99ED-B788-3DE8-0AE3DBD97B24}" = Catalyst Control Center Localization French
"{732662AE-82C0-9184-CE57-4257695EE1CE}" = CCC Help German
"{754F90E7-DE41-0ADE-2E3F-2C269ED9C2EE}" = CCC Help Finnish
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B12F319-43E1-D2DD-ABFE-50E34F76A740}" = Catalyst Control Center Graphics Full New
"{7CD8E2EF-AD40-7BD3-13E5-2B2847E568DD}" = ATI Catalyst Install Manager
"{7E340EDB-9BF0-5CF2-C12D-7C31992070E3}" = CCC Help Turkish
"{7F4DD591-1532-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1532-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 English Language Pack
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF16DB8-2845-88FE-BDC2-EEF067F9B1EC}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9E166691-B3ED-0F76-1FE9-AB3DBAAD75DD}" = CCC Help French
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AED994C5-E6CE-0377-09ED-C4000E4189BF}" = Catalyst Control Center Core Implementation
"{AF899B9E-5842-8839-3EDB-AF9EADF52F45}" = ccc-utility
"{B245D989-F88A-C2C3-1958-A91254DEC387}" = Catalyst Control Center Graphics Light
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3D15F34-F377-26A0-4CCF-2CB47E5810CD}" = CCC Help Dutch
"{B5359AD5-4950-174E-4070-CDB1881B161F}" = CCC Help Czech
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C07CA803-141E-A7C3-13E0-AB99FC5DC7B4}" = Catalyst Control Center Localization Polish
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7838AAD-8B29-86D3-6E04-417C7B7EE628}" = Catalyst Control Center Localization Greek
"{C8585E46-A5C9-8E20-77CA-378D5C291B09}" = Catalyst Control Center Localization Finnish
"{C92C2F87-1E84-A9E5-81F3-3B93DC991A4E}" = Catalyst Control Center Localization Chinese Traditional
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB01DA5C-48B7-D9A6-22DE-D678D6007C56}" = Catalyst Control Center Localization German
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D05EB4EF-29BE-8031-9AF5-2DC9485D5870}" = Catalyst Control Center Localization Russian
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7F069BF-7A9F-6A09-D5AE-E77F8B2E892F}" = CCC Help Danish
"{DDC519DE-AC45-634C-C009-6FCE1EF313F3}" = Catalyst Control Center Localization Portuguese
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E071691D-20E6-4C2B-9A04-FE41C0FDC367}" = Adobe Photoshop Lightroom 3.5
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED3C1C9D-0496-6884-8B32-8A2B73219C20}" = Catalyst Control Center Localization Italian
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0A85260-5B90-4C0E-07FF-72A89AA18F77}" = Skins
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F24E1A94-76DD-85BD-5B6C-6701CC4E8A0F}" = CCC Help Chinese Traditional
"{F4614173-1F8B-A19A-C2CC-57834FBCCE6C}" = CCC Help Spanish
"{F89CF986-3AA7-8B20-390A-D5C09F27F85D}" = Catalyst Control Center Localization Turkish
"{F8F37F88-4CB6-9162-AE65-7BBA7E476547}" = Catalyst Control Center Graphics Previews Vista
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FFF7CB0F-FA65-7115-2CEC-16C21037C88E}" = CCC Help Thai
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 English
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"CncSimulator_5.3b" = CncSimulator 4.52f
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"DivX Setup" = DivX Setup
"DWG TrueView 2011" = DWG TrueView 2011
"facemoods" = facemoods
"FinePrint" = FinePrint
"flip.exe" = Flip 3.4.2
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.4.0
"Lexmark 2400 Series" = Lexmark 2400 Series
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PPLive" = PPTV V2.7.3.0009
"PROHYBRIDR" = 2007 Microsoft Office system
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"thunder_is1" = Ñ¸À×7
"TTPlayer" = 千千静听 5.7正式版
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"迅雷看看播放器" = 迅雷看看播放器
"迅雷看看高清播放组件" = 迅雷看看高清播放组件

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Notepad App" = Notepad App

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL logfile created on: 12/1/2012 10:58:17 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\User\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

2.97 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.79% Memory free
5.93 Gb Paging File | 4.53 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.99 Gb Total Space | 115.80 Gb Free Space | 40.35% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 18:34:16 | 000,194,160 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Program Files\Thunder Network\Xmp\Program\XMP.exe
PRC - [2011/08/18 08:22:38 | 024,182,160 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/07/15 12:52:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2011/06/09 11:14:38 | 000,439,744 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/20 14:42:04 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/01/22 18:42:06 | 000,462,336 | ---- | M] () -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/10/03 02:28:09 | 002,969,600 | ---- | M] (ANSYS, Inc.) -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
PRC - [2009/10/03 02:28:08 | 001,290,240 | ---- | M] () -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/05/21 05:29:24 | 001,703,936 | ---- | M] (ANSYS, Inc.) -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
PRC - [2009/05/21 05:29:24 | 001,462,024 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
PRC - [2009/05/01 13:52:24 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2009/05/01 13:52:22 | 000,291,496 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/09/03 13:47:00 | 000,712,704 | ---- | M] (AuthenTec, Inc) -- C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
PRC - [2008/09/02 07:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\Windows\System32\TAMSvr.exe
PRC - [2008/08/26 01:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/07/25 15:41:56 | 000,094,208 | ---- | M] () -- C:\Program Files\TrueSuite Access Manager\usbnotify.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/25 04:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 15:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/03/20 05:35:44 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/02/07 05:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/07 05:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/04 09:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 08:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/29 08:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/06/16 13:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe
PRC - [2006/08/24 08:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2011/07/15 12:52:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2011/12/15 10:03:35 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/14 15:32:40 | 000,087,728 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/22 22:34:49 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/20 14:42:04 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/01/22 18:42:06 | 000,462,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/10/03 02:28:09 | 002,969,600 | ---- | M] (ANSYS, Inc.) [Auto | Running] -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/09/02 07:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager)
SRV - [2008/08/26 01:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/29 07:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 15:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/12 03:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/02/07 05:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/04 09:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 08:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2006/08/24 08:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2011/06/02 13:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 13:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/06/02 13:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/06/02 13:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/20 14:42:04 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/11/24 08:55:50 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/11/24 08:55:50 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/11/24 08:55:50 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/02/16 23:02:02 | 000,021,504 | ---- | M] (http://www.atmel.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/11/16 09:06:52 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/11/16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 06:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 06:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 06:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2008/08/14 09:52:00 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/07/25 15:41:36 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/07/16 11:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/15 10:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/03/04 10:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/15 02:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/10 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 07:36:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/10/24 08:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHS&bmod=TSHS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHS&bmod=TSHS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.1.(489).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(500).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/12 20:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/03/14 15:47:54 | 000,000,000 | ---D | M]

[2010/09/10 14:19:24 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll
[2010/12/13 20:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Ñ¸À×FLVÊÓÆµÐáÌ½¼°ÏÂÔØÖ§³Ö) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.5.64.dll (ShenZhen Xunlei Networking Technologies,LTD)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - File not found
O2 - BHO: (Ñ¸À×ÏÂÔØÖ§³Ö) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (A57CDFD3-A6CA-35CC-F001-C57C13EA7093 Class) - {A57CDFD3-A6CA-35CC-F001-C57C13EA7093} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LXCRCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.EXE (PPLive Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [XMP] c:\program files\thunder network\xmp\program\XMP.exe (深圳市迅雷网络技术有限公司)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: OldEnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÀëÏßÏÂÔØ - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\program\XmpIEMenu.htm ()
O9 - Extra Button: ²é¿´ÍøÒ³È«²¿Í¼Æ¬ - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra 'Tools' menuitem : ²é¿´ÍøÒ³È«²¿Í¼Æ¬ - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Thunder Network\NetMon\net_monitor1.0.2.25.dll (Thunder Networking Technologies,LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Thunder Network\NetMon\net_monitor1.0.2.25.dll (Thunder Networking Technologies,LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Thunder Network\NetMon\net_monitor1.0.2.25.dll (Thunder Networking Technologies,LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Thunder Network\NetMon\net_monitor1.0.2.25.dll (Thunder Networking Technologies,LTD)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/14 14:43:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{83906294-44bd-11e0-9d2c-001e651e719e}\Shell - "" = AutoRun
O33 - MountPoints2\{83906294-44bd-11e0-9d2c-001e651e719e}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 09:34:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{344D042B-5661-49E2-9015-88A7A3E3BA13}
[2012/01/12 09:34:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0F6A9D4F-EBB8-4022-BAF2-E9E1DC4ECD12}
[2012/01/11 21:34:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5880A93D-BF72-4910-A951-C92A875F1259}
[2012/01/11 21:33:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6BD5C460-709A-40A7-A21D-1A5196D42E0F}
[2012/01/11 09:33:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3FBF76E8-4770-417C-98EA-603D73CE05E0}
[2012/01/11 09:33:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DEF81166-C5D6-4CED-A592-1FE749AE9B30}
[2012/01/10 21:32:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1B9936C3-1112-4884-ADEE-381B02FAD770}
[2012/01/10 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{039B2D85-BB68-4E94-B64A-3C910C26C516}
[2012/01/10 09:32:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F034060F-07FC-4475-93EC-AD49A1A61C88}
[2012/01/10 09:31:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D0F307B7-3D8E-411E-A8EF-4CD9D6D17A62}
[2012/01/09 21:55:56 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Time Table
[2012/01/09 21:31:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{04D10EF8-175B-481A-9736-10B0F7934D2F}
[2012/01/09 21:31:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9C863E6B-4B59-47D1-BF3E-4ACA8E8EC8A9}
[2012/01/09 09:30:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DC989E70-F6C1-4EE0-BA8B-2FAF4D637E44}
[2012/01/09 09:30:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{87AD55F4-3E03-43A8-9454-0A82C7808182}
[2012/01/08 21:30:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{014530B8-1CD4-4B3D-9F67-C07D834FB9D2}
[2012/01/08 09:29:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C90D7D97-B6AF-4987-8D8B-93B98C56A116}
[2012/01/08 09:29:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{14C9865F-B17D-4D01-84C1-A7031B0D88D3}
[2012/01/07 21:28:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{79BC198B-B6C6-4E90-B47C-ABAFADF05ADA}
[2012/01/07 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B44BFCAB-505D-42FE-8A01-72C371280987}
[2012/01/07 09:28:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FA0AA5DF-A49C-4008-B8DF-02EC7443C6BB}
[2012/01/07 09:27:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E67506AF-DA73-4602-BEA0-F8058FDC922E}
[2012/01/06 19:56:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{43AEBB6D-FABF-4441-B4FB-3463F1982489}
[2012/01/06 19:56:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BE2258ED-9847-425E-8E66-668C0555D409}
[2012/01/06 07:55:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A55CD12D-FA73-4C50-B9B2-CA26EBB9DC29}
[2012/01/06 07:55:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{24ECC6AE-755D-4DD6-98D9-5465253D92A5}
[2012/01/06 01:31:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{178D2777-3623-4F3B-9500-09B35FA32114}
[2012/01/05 12:16:00 | 000,000,000 | ---D | C] -- C:\Users\User\App

guestolo · « **Reply #3 on:** January 11, 2012, 11:13:51 PM »

Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Back in Windows: You have Malwarebytes Anti-Malware installed
Can you run it, when it opens, ensure you have it first "Check for Updates"

If an update is found, it will download and install the latest version.
After updating, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

With that log from MBAM
Can you once again, right click on OTL.exe and choose to "Run as Admin"
don't change any settings, just choose to Run Scan
When it's done, only one log will be produced, can you post it's contents please

zzzim · « **Reply #4 on:** January 12, 2012, 09:02:15 AM »

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
User :: USER-PC [administrator]

Protection: Disabled

12/1/2012 9:39:46 PM
mbam-log-2012-01-12 (21-39-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189861
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 24
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject.1 (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject (Adware.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol.1 (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol (Adware.Funshion) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\thunder (Trojan.Agent) -> Delete on reboot.
HKLM\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: eÏ€µQáÃI·?p±?ÊŽ† -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk (Hijack.Trace) -> Quarantined and deleted successfully.
C:\Users\User\Favorites\ÌÔ±¦Íø - ÌÔ£¡ÎÒÏ²»¶.url (Malware.Trace) -> Quarantined and deleted successfully.

(end)

OTL logfile created on: 12/1/2012 9:55:47 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\User\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

2.97 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.80% Memory free
5.93 Gb Paging File | 4.82 Gb Available in Paging File | 81.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.99 Gb Total Space | 120.34 Gb Free Space | 41.93% Space Free | Partition Type: NTFS
Drive F: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/29 18:34:16 | 000,194,160 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Program Files\Thunder Network\Xmp\Program\XMP.exe
PRC - [2011/08/18 08:22:38 | 024,182,160 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/07/15 12:52:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2011/06/09 11:14:38 | 000,439,744 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/20 14:42:04 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/01/22 18:42:06 | 000,462,336 | ---- | M] () -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/10/03 02:28:09 | 002,969,600 | ---- | M] (ANSYS, Inc.) -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
PRC - [2009/10/03 02:28:08 | 001,290,240 | ---- | M] () -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/05/21 05:29:24 | 001,703,936 | ---- | M] (ANSYS, Inc.) -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
PRC - [2009/05/21 05:29:24 | 001,462,024 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
PRC - [2009/05/01 13:52:24 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2009/05/01 13:52:22 | 000,291,496 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/09/03 13:47:00 | 000,712,704 | ---- | M] (AuthenTec, Inc) -- C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
PRC - [2008/09/02 07:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\Windows\System32\TAMSvr.exe
PRC - [2008/08/26 01:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/07/25 15:41:56 | 000,094,208 | ---- | M] () -- C:\Program Files\TrueSuite Access Manager\usbnotify.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/25 04:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 15:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/03/20 05:35:44 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/02/07 05:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/07 05:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/04 09:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 08:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/29 08:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/06/16 13:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe
PRC - [2006/08/24 08:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2011/07/15 12:52:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/15 10:03:35 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/14 15:32:40 | 000,087,728 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/22 22:34:49 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/20 14:42:04 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/01/22 18:42:06 | 000,462,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/10/03 02:28:09 | 002,969,600 | ---- | M] (ANSYS, Inc.) [Auto | Running] -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/09/02 07:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager)
SRV - [2008/08/26 01:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/29 07:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 15:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/12 03:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/02/07 05:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/04 09:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 08:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2006/08/24 08:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/02 13:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 13:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/06/02 13:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/06/02 13:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/20 14:42:04 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/11/24 08:55:50 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/11/24 08:55:50 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/11/24 08:55:50 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/02/16 23:02:02 | 000,021,504 | ---- | M] (http://www.atmel.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/11/16 09:06:52 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/11/16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 06:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 06:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 06:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2008/08/14 09:52:00 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/07/25 15:41:36 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/07/16 11:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/15 10:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/03/04 10:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/15 02:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/10 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 07:36:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/10/24 08:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHS&bmod=TSHS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHS&bmod=TSHS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.1.(489).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(500).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/12 20:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/03/14 15:47:54 | 000,000,000 | ---D | M]

[2010/09/10 14:19:24 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npuuseep.dll
[2010/12/13 20:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Ñ¸À×FLVÊÓÆµÐáÌ½¼°ÏÂÔØÖ§³Ö) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.5.64.dll (ShenZhen Xunlei Networking Technologies,LTD)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - File not found
O2 - BHO: (Ñ¸À×ÏÂÔØÖ§³Ö) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (A57CDFD3-A6CA-35CC-F001-C57C13EA7093 Class) - {A57CDFD3-A6CA-35CC-F001-C57C13EA7093} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LXCRCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.EXE (PPLive Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [XMP] c:\program files\thunder network\xmp\program\XMP.exe (深圳市迅雷网络技术有限公司)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: OldEnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÀëÏßÏÂÔØ - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &Ê¹ÓÃ&Ñ¸À×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\program\XmpIEMenu.htm ()
O9 - Extra Button: ²é¿´ÍøÒ³È«²¿Í¼Æ¬ - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra 'Tools' menuitem : ²é¿´ÍøÒ³È«²¿Í¼Æ¬ - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Thunder Network\NetMon\net_monitor1.0.2.25.dll (Thunder Networking Technologies,LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Thunder Network\NetMon\net_monitor1.0.2.25.dll (Thunder Networking Technologies,LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Thunder Network\NetMon\net_monitor1.0.2.25.dll (Thunder Networking Technologies,LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Thunder Network\NetMon\net_monitor1.0.2.25.dll (Thunder Networking Technologies,LTD)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\Wallpapers\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/14 14:43:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/29 04:00:27 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{83906294-44bd-11e0-9d2c-001e651e719e}\Shell - "" = AutoRun
O33 - MountPoints2\{83906294-44bd-11e0-9d2c-001e651e719e}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- [2010/01/22 08:13:40 | 003,330,848 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 21:59:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0069C927-F766-47AC-A203-63B6FD58421C}
[2012/01/12 21:59:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D7760EEB-E2FF-475F-8383-B11FE8004B9E}
[2012/01/12 21:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/12 21:34:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/12 21:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/12 21:01:53 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/12 20:53:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\TFC.exe
[2012/01/12 20:35:45 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/01/12 09:34:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{344D042B-5661-49E2-9015-88A7A3E3BA13}
[2012/01/12 09:34:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0F6A9D4F-EBB8-4022-BAF2-E9E1DC4ECD12}
[2012/01/11 21:34:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5880A93D-BF72-4910-A951-C92A875F1259}
[2012/01/11 21:33:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6BD5C460-709A-40A7-A21D-1A5196D42E0F}
[2012/01/11 09:33:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3FBF76E8-4770-417C-98EA-603D73CE05E0}
[2012/01/11 09:33:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DEF81166-C5D6-4CED-A592-1FE749AE9B30}
[2012/01/10 21:32:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1B9936C3-1112-4884-ADEE-381B02FAD770}
[2012/01/10 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{039B2D85-BB68-4E94-B64A-3C910C26C516}
[2012/01/10 09:32:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F034060F-07FC-4475-93EC-AD49A1A61C88}
[2012/01/10 09:31:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D0F307B7-3D8E-411E-A8EF-4CD9D6D17A62}
[2012/01/09 21:55:56 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Time Table
[2012/01/09 21:31:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{04D10EF8-175B-481A-9736-10B0F7934D2F}
[2012/01/09 21:31:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9C863E6B-4B59-47D1-BF3E-4ACA8E8EC8A9}
[2012/01/09 09:30:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DC989E70-F6C1-4EE0-BA8B-2FAF4D637E44}
[2012/01/09 09:30:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{87AD55F4-3E03-43A8-9454-0A82C7808182}
[2012/01/08 21:30:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{014530B8-1CD4-4B3D-9F67-C07D834FB9D2}
[2012/01/08 09:29:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C90D7D97-B6AF-4987-8D8B-93B98C56A116}
[2012/01/08 09:29:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{14C9865F-B17D-4D01-84C1-A7031B0D88D3}
[2012/01/07 21:28:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{79BC198B-B6C6-4E90-B47C-ABAFADF05ADA}
[2012/01/07 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B44BFCAB-505D-42FE-8A01-72C371280987}
[2012/01/07 09:28:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FA0AA5DF-A49C-4008-B8DF-02EC7443C6BB}
[2012/01/07 09:27:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E67506AF-DA73-4602-BEA0-F8058FDC922E}
[2012/01/06 19:56:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{43AEBB6D-FABF-4441-B4FB-3463F1982489}
[2012/01/06 19:56:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BE2258ED-9847-425E-8E66-668C0555D409}
[2012/01/06 07:55:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A55CD12D-FA73-4C50-B9B2-CA26EBB9DC29}
[2012/01/06 07:55:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{24ECC6AE-755D-4DD6-98D9-5465253D92A5}
[2012/01/06 01:31:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{178D2777-3623-4F3B-9500-09B35FA32114}
[2012/01/05 12:16:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{91A15CD3-2068-4139-B02A-57CF07AE10E1}
[2012/01/05 12:15:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1CA4B3EF-ECBE-46D3-961C-6E005FB02B17}
[2012/01/04 23:11:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B16D1911-65B5-46AE-A045-73319A4CF264}
[2012/01/04 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4AAA10F4-307E-447F-BCE3-CA0DC30FE70E}
[2012/01/04 11:11:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CA68780E-9DC9-4B4D-80BF-0FB051B54082}
[2012/01/04 11:10:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6E9DCBE0-26BC-4EB9-AA28-D2FED68C1202}
[2012/01/03 23:10:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DAD5581D-44F7-4017-8231-30FF58188E2C}
[2012/01/03 23:10:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{04EBD48A-BA35-4373-BC01-A3CD721211DB}
[2012/01/03 11:09:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{011D4F10-D290-4AAA-8AA4-6A4631FAA7B1}
[2012/01/03 11:09:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7B5AA534-F9F3-475C-812C-E07B612A5855}
[2012/01/02 23:08:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C3467F92-AE05-4E14-BAA3-02B4BC5BA50E}
[2012/01/02 23:08:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A7D75564-B7ED-466D-8173-A378EE7CF6B6}
[2012/01/02 11:08:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ECE3F714-5D45-4507-8084-F70E991076C3}
[2012/01/02 11:08:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B818D0E1-6095-469A-BD9C-C02F4AF1B540}
[2012/01/01 21:59:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C365B506-6A61-431C-815D-B931684E850E}
[2012/01/01 21:59:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{562A07E0-D05B-4E31-B1B7-E4A2F71FA558}
[2012/01/01 09:59:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B253834D-7F90-44EB-B21A-2E67B5779F56}
[2012/01/01 09:58:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{02BD3376-21FA-4DD5-9535-30612C0EBD3E}
[2011/12/31 21:55:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CB2D0C1F-2B8F-4A03-8883-140435B3E47C}
[2011/12/31 21:55:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5CDE5497-51C9-40FA-B700-D4B29B9E956B}
[2011/12/31 09:55:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{62C51678-9ADF-455B-A475-4959E066B554}
[2011/12/31 09:55:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{90ED7CCE-9663-4CDD-9776-57E82E365BFD}
[2011/12/30 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D14A8FDE-5184-41D2-87AE-32B8DBC33130}
[2011/12/30 14:16:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8EE077EA-25EE-4C4C-9EB9-F7F793DF1A93}
[2011/12/30 02:16:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{75A7EF83-BD22-4567-8857-E72351B56CA2}
[2011/12/30 02:16:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{51F78886-E2C4-4525-B7D0-09176106B7E4}
[2011/12/29 20:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/12/29 20:20:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVS4YOU
[2011/12/29 20:17:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/12/29 20:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/12/29 20:16:04 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2011/12/29 20:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/12/29 20:15:13 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2011/12/29 20:15:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2011/12/29 20:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011/12/29 12:54:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DB68AF7C-BE38-4A9A-B90F-B122285170AF}
[2011/12/29 12:54:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F602FCE5-79A2-407E-AE08-9D024949C640}
[2011/12/29 01:00:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\anshelp
[2011/12/29 00:53:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E6C2EEAA-E079-4240-8830-AEFBE8174BA3}
[2011/12/29 00:53:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AFFDBEBB-5D2B-4FA3-B81B-FF2934106957}
[2011/12/28 23:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ANSYSInstall
[2011/12/28 23:03:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ansys
[2011/12/28 23:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANSYS 12.1
[2011/12/28 22:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2011/12/28 22:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANSYS, Inc. License Manager
[2011/12/28 22:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\ANSYS Inc
[2011/12/28 22:22:24 | 000,000,000 | ---D | C] -- C:\ANSYS Inc
[2011/12/28 12:53:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A8B067C8-BE24-4F99-BE9C-B6B3E1E97538}
[2011/12/28 12:52:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A529AC08-C690-4057-BA37-33C1BFBAAB0D}
[2011/12/28 00:52:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A3EB0B3F-099B-4F76-B410-1D2127E3339D}
[2011/12/28 00:51:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5E96A52F-F63F-4F7A-8D16-325A799916B6}
[2011/12/27 08:27:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{42588F23-5A7C-4424-84B8-4A48D5F5D7E5}
[2011/12/27 08:26:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EB0426A8-866E-4F05-B3C1-3F9B8703CEB1}
[2011/12/26 13:56:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{89028489-E87C-47E9-AF9C-92AF81C5731E}
[2011/12/26 13:56:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{766DA921-7962-4003-B812-9B260C9FB20D}
[2011/12/26 01:55:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{159AD3CC-9393-4740-802C-473AD0DB87A3}
[2011/12/26 01:55:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A397AC52-403A-40D1-9473-A9C19829D5A4}
[2011/12/25 13:55:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{077E699F-F636-412F-AFA4-81272ED2AF20}
[2011/12/25 13:55:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EDD91ED8-1F0A-4618-A968-6C0AECD7C916}
[2011/12/25 01:54:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5DDEBA33-D82B-4813-A498-826CEB4ED15A}
[2011/12/25 01:54:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{678EBE5E-F8E6-44CF-B62E-E1FD09F0EE8C}
[2011/12/24 11:27:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4EC8D359-2EEE-4094-B004-A0D8F6773DF8}
[2011/12/24 11:27:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7DA65B13-22D4-4516-9683-E71C321DFAEA}
[2011/12/24 01:48:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2011/12/24 01:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/12/24 01:48:23 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VirtualDJ
[2011/12/23 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{93A94263-1730-4149-872A-E628D40CC125}
[2011/12/23 23:26:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{412DC794-ADAC-44DA-AFE0-59E10904B72E}
[2011/12/23 08:40:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{16DFA543-A8BC-49FB-B56E-A1D81F9AA0A3}
[2011/12/23 08:40:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{858B1400-30D0-49D1-B9BA-DEE7E9DC5D04}
[2011/12/22 20:37:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FD4E8E2F-6C7D-4475-BFED-427BB376CF29}
[2011/12/22 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{10E24754-64B2-474E-BDC8-10BE070A2CCB}
[2011/12/22 08:36:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{266337B3-A7DF-45B1-BC17-98080F170A23}
[2011/12/22 08:36:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D2AB6647-6B7F-4081-87C3-05202AB96A59}
[2011/12/21 20:36:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E8B5F8EE-08C5-40CD-9677-658C37DC6FAB}
[2011/12/21 20:35:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8957A9EB-B1A3-4198-B3C4-61EFF8291B26}
[2011/12/21 13:46:24 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\My EndNote Library.Data
[2011/12/21 10:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2011/12/21 10:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2011/12/21 10:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2011/12/21 10:42:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2011/12/21 10:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote X5
[2011/12/21 10:36:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\EndNote
[2011/12/21 10:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2011/12/21 08:35:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B048C6F4-5A13-449B-9293-7F1B88BA6A2B}
[2011/12/21 08:34:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E9CD8023-30EE-4D56-97CF-13AA2E4B1A00}
[2011/12/20 18:43:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{67E62248-9F9A-4C51-9141-CADAD2BCCF7C}
[2011/12/20 18:43:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{42C99853-8D6E-4DE9-B51A-00B337259CF4}
[2011/12/20 00:40:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4B685733-1011-4EEA-9B8E-3E071F0F00F1}
[2011/12/20 00:40:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{99D4C316-5135-41DA-9739-00C30BC811C2}
[2011/12/19 12:40:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{19F5E4E4-98A5-47D1-BA9A-76EF5685715B}
[2011/12/19 12:40:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3F838259-1864-42EF-9E80-E8A38B30732F}
[2011/12/19 00:39:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D1C564E3-4656-488D-A959-B32771F614BD}
[2011/12/19 00:39:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9F05C88F-57A4-4CB9-97C0-BB182E3B98BD}
[2011/12/18 12:39:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{19678C42-B2FC-4319-AD14-9304BB4A2243}
[2011/12/18 12:38:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3B234D1C-E599-454B-952A-1B73AB35E86E}
[2011/12/18 00:38:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FEF12182-277D-4B3C-88A6-58EB42441A17}
[2011/12/18 00:38:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{87BD89C9-4EAC-406C-BCA6-EBDD6E27F158}
[2011/12/17 12:37:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{27BC5CB5-1297-4DD5-ADF9-2532372AD56E}
[2011/12/17 12:37:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E3855965-8D6E-4232-8539-4C2EAC939F35}
[2011/12/17 00:36:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{909BF084-5114-4917-85ED-1BEB57024864}
[2011/12/17 00:36:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{87637081-B90A-4366-8BE1-23C0BB9878F8}
[2011/12/16 12:36:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{08F2344E-6002-4171-92E5-0F169D95AF3B}
[2011/12/16 12:36:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A4FBF35E-3577-41B9-B633-2B7B0A0F571A}
[2011/12/16 00:35:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8692E21A-C214-41A2-AB62-08D87A2F28ED}
[2011/12/16 00:35:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{417F3E7C-CB9A-4EFF-9608-CD69BD6F20D4}
[2011/12/15 12:35:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AC6C4359-8B84-4BF0-A399-F62E4414B6D2}
[2011/12/15 12:34:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FED91FDC-3759-4179-AC52-45197E64AE00}
[2011/12/15 00:34:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2D358CBF-7D6A-4FD6-8062-82BC19E30175}
[2011/12/15 00:34:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A37BDD45-E547-4754-B2FD-F6E66469A94D}
[2011/12/14 12:33:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B1AC74C3-BDF6-44A7-97F4-153A6A475B63}
[2011/12/14 12:33:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8C86ABBA-09FB-40DB-8263-EB5D077DFF5E}
[2011/12/14 00:33:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{23E4C2E3-429F-427C-9E41-385B85B311E3}
[2011/12/14 00:33:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CD38CDE8-B060-4F54-88FC-03C1CAAB42C1}
[2011/03/17 09:09:51 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2011/03/17 09:09:51 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2011/03/17 09:09:51 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2011/03/17 09:09:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2011/03/17 09:09:51 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2011/03/17 09:09:51 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2011/03/17 09:09:51 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2011/03/17 09:09:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2011/03/17 09:09:51 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2011/03/17 09:09:51 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2011/03/17 09:09:51 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2011/03/17 09:09:51 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2011/03/17 09:09:51 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/12 21:57:23 | 006,329,208 | ---- | M] () -- C:\Users\User\Desktop\Wonder Girls - The DJ Is Mine (320kbps) [www.k2nblog.com].rar.crdownload
[2012/01/12 21:54:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 21:54:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/12 21:53:53 | 2388,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 21:49:48 | 000,000,025 | ---- | M] () -- C:\Users\User\AppData\Roaming\CoreAVC.ini
[2012/01/12 21:49:28 | 000,137,728 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/12 21:37:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 21:34:17 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 21:32:43 | 000,721,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/12 21:32:43 | 000,145,776 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/12 21:32:24 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/12 21:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2536658832-274290432-161746704-1000UA.job
[2012/01/12 20:53:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\TFC.exe
[2012/01/12 20:17:44 | 000,006,768 | ---- | M] () -- C:\bootsqm.dat
[2012/01/12 19:39:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2536658832-274290432-161746704-1000UA.job
[2012/01/11 10:39:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2536658832-274290432-161746704-1000Core.job
[2012/01/10 23:00:36 | 005,134,295 | ---- | M] () -- C:\Users\User\Desktop\Kim Dong Ryul- Like a Child (Ft Alex).mp3
[2012/01/10 21:39:38 | 001,408,423 | ---- | M] () -- C:\Users\User\Desktop\scan0002.pdf
[2012/01/10 16:49:20 | 000,002,969 | ---- | M] () -- C:\Users\User\Desktop\HiJackThis.lnk
[2012/01/08 23:05:57 | 002,007,556 | ---- | M] () -- C:\Users\User\Desktop\Keihin_Carb_ Manual.pdf
[2012/01/08 23:01:21 | 001,257,462 | ---- | M] () -- C:\Users\User\Desktop\vmmanual.pdf
[2012/01/08 14:31:51 | 000,870,578 | ---- | M] () -- C:\Users\User\Desktop\p81a.pdf
[2012/01/08 14:31:22 | 000,960,962 | ---- | M] () -- C:\Users\User\Desktop\p61a.pdf
[2012/01/08 14:29:59 | 000,627,811 | ---- | M] () -- C:\Users\User\Desktop\p39a.pdf
[2012/01/08 09:30:36 | 000,038,520 | ---- | M] () -- C:\Users\User\Desktop\Presentation EME3056.zip
[2012/01/08 02:41:15 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 02:41:15 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 10:08:33 | 000,002,403 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/01/04 19:12:43 | 001,327,922 | ---- | M] () -- C:\Users\User\Desktop\cmme tut with ht note.zip
[2011/12/30 07:07:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2536658832-274290432-161746704-1000Core.job
[2011/12/30 02:06:14 | 000,544,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/29 20:17:12 | 000,001,170 | ---- | M] () -- C:\Users\User\Desktop\AVS Video Editor.lnk
[2011/12/28 22:32:55 | 000,000,285 | ---- | M] () -- C:\Users\User\Documents\LICSERVER.INFO
[2011/12/24 01:48:33 | 000,001,015 | ---- | M] () -- C:\Users\User\Deskt

guestolo · « **Reply #5 on:** January 12, 2012, 09:51:27 PM »

Can you do the following please
You have outdated versions of Java installed
Can you close down all browser windows
Access "Programs and Features" in Control Panel and uninstall your copies of :
Java™ 6 Update 29
Java™ 6 Update 6

Afterwards: Come back here
Right click on OTL.exe and choose to "Run as Administrator" and Run it

Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
Quote
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
[2010/12/13 20:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - File not found
O2 - BHO: (A57CDFD3-A6CA-35CC-F001-C57C13EA7093 Class) - {A57CDFD3-A6CA-35CC-F001-C57C13EA7093} - File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - File not found
O24 - Desktop Components:0 () -
:Files
ipconfig /flushdns /c
:Commands
[EmptyFlash]
[EmptyTemp]
Then click the [color="#FF0000"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

Update Java: Go to the following website and install the latest version of Java
http://www.java.com/en/download/index.jsp

Can you also let me know if you intended to install the Trial version of Malwarebytes AntiMalware
Or if you would like to stick with the free version, or would you like to uninstall it after we are done here?

zzzim · « **Reply #6 on:** January 13, 2012, 11:31:33 PM »

I think I will just stick with the current version

=)

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A57CDFD3-A6CA-35CC-F001-C57C13EA7093}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A57CDFD3-A6CA-35CC-F001-C57C13EA7093}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: User
->Flash cache emptied: 2848 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 5474198 bytes
->Temporary Internet Files folder emptied: 516170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10455146 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50310723 bytes
RecycleBin emptied: 58539 bytes

Total Files Cleaned = 64.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 01142012_122312

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

guestolo · « **Reply #7 on:** January 14, 2012, 12:49:35 AM »

Quote

I think I will just stick with the current version

That is your option, it 's a very good scanner, how are things now running?

zzzim · « **Reply #8 on:** January 14, 2012, 02:57:24 AM »

ok. thax for recommendation i will consider about it.

So far so good. thax a lot! =D

guestolo · « **Reply #9 on:** January 14, 2012, 02:53:52 PM »

Can you right click on OTL.exe and choose to "Run as Admin"
When it opens, click on the CLEANUP button and let it finish
Reboot when done, this will properly remove OTL

Can you ensure that your AntiVirus software is up to date and run a full system scan
Let me know if it comes back clean before we lock this up

TheTechGuide Forum

News:

Author Topic: Computer Hang All of a suddent (Read 2101 times)

zzzim

Computer Hang All of a suddent

guestolo

Computer Hang All of a suddent

zzzim

Computer Hang All of a suddent

guestolo

Computer Hang All of a suddent

zzzim

Computer Hang All of a suddent

guestolo

Computer Hang All of a suddent

zzzim

Computer Hang All of a suddent

guestolo

Computer Hang All of a suddent

zzzim

Computer Hang All of a suddent

guestolo

Computer Hang All of a suddent