Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect, sporadic


  • This topic is locked This topic is locked
16 replies to this topic

#1 qs1234

qs1234

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 18 October 2010 - 03:12 PM

Hi, I think I have some form of the google redirect virus - I've been poring through your forums and did the following;

1) malwarebytes scan - nothing found
2) tdsskill - nothing found
3) combofix - I know I wasn't supposed to run this - but I have the log. I just need to make sure that it found something.

I am uploading the DDS logs (2 of them) and the combofix log.

Thanks so much!

Attached Files



BC AdBot (Login to Remove)

 


#2 qs1234

qs1234
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 18 October 2010 - 09:52 PM

Hello,

Back on Sept 24, AVG detected and removed Trojan horse SHeur3*, Generic19*, Downloader*.
On Oct 17 930a, it detected and removed another round of Trojan horse SHeur3*, Generic19* and Cryptic.
On Oct 17 1045p, it detected and removed Win32/Kryptik.GWM
All these were from downloading files through megaupload.

I also started noticing some form of google redirect virus but this does not happen on all searches.

Hitman pro and tdsskiller did not find anything
I did a mbam scan - two times before a clean report came back, please see attached logs
I also did a combofix - please see attached log
DDS logs are also attached.

I don't know if I removed everything, can you help me confirm?

Thanks so much!

Attached Files


Edited by Orange Blossom, 18 October 2010 - 10:50 PM.
Merged topics. ~ OB


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:37 PM

Posted 27 October 2010 - 06:48 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    winlogon.exe
    wininit.exe
    explorer.exe
    hlp.dat
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 qs1234

qs1234
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 27 October 2010 - 08:24 PM

Hi,

Thank you for getting back to me!

To recap - here is the sequence of events

Back on Sept 24, AVG detected and removed Trojan horse SHeur3*, Generic19*, Downloader*.

After some downloads on 10/17:
On Oct 17 930a, it detected and removed another round of Trojan horse SHeur3*, Generic19* and Cryptic.
On Oct 17 1045p, it detected and removed Win32/Kryptik.GWM
On Oct 17, mbam scan - two times before a clean report came back, please see attached logs from previous post

After some downloads on 10/20:

On Oct 20, AVG detected and removed some Win32/Kryptik.HNT and Kryptik.HNG and Trojan horse.
Malware detected and removed on Scan1
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Delete on reboot.
C:\Users\shioulin\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Malware detected and removed on Scan2

C:\Users\Public\Documents\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Delete on reboot.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Delete on reboot.
C:\Users\Public\Documents\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Unloaded process successfully.

Please let me know if the computer is clean....

Below are reports from OTL:


OTL logfile created on: 10/27/2010 9:03:20 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\shioulin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 50.79 Gb Free Space | 36.85% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.64 Gb Free Space | 37.32% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.68 Gb Free Space | 46.51% Space Free | Partition Type: NTFS

Computer Name: SHIOULIN-PC | User Name: shioulin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/27 21:02:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\shioulin\Desktop\OTL.exe
PRC - [2010/10/20 08:31:09 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/07/29 17:09:04 | 000,177,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/07/29 17:09:00 | 000,435,488 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/07/29 17:08:56 | 000,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/07/29 17:08:54 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/07/29 14:00:04 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/07/10 20:25:42 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/06/15 13:51:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/06/15 13:51:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/05/28 15:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/21 07:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/14 06:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/19 06:08:44 | 000,038,176 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/05 01:21:46 | 003,093,816 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2009/03/05 00:57:08 | 000,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/02/19 06:05:52 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/02/11 23:47:06 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/02/11 23:46:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/02 23:16:48 | 000,181,536 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/28 20:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
PRC - [2009/01/28 14:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009/01/28 14:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/10/07 14:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008/05/24 19:49:56 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/05/24 19:49:32 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/05/24 19:31:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/03 21:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/10/27 21:02:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\shioulin\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/23 11:17:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/29 17:08:56 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/07/29 17:08:54 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/07/10 20:25:42 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/06/15 13:51:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/05/21 07:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/03/19 06:08:44 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/03/05 00:57:08 | 000,779,576 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/02/11 23:47:06 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/02/11 23:46:58 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/11 16:19:28 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/01/28 20:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/24 19:49:32 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/24 19:31:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/15 11:47:58 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shioulin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/30 12:19:06 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2009/09/30 12:14:08 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/09/30 11:34:02 | 000,018,184 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/09/30 11:34:02 | 000,017,160 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/09/30 11:34:02 | 000,015,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/06/15 13:51:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/05/06 21:14:42 | 004,740,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/03/19 06:08:06 | 000,025,000 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009/02/19 06:06:18 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/11 04:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mux.sys -- (MUXP)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mux.sys -- (MUXMP)
DRV - [2009/02/09 12:40:32 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/02/09 05:01:16 | 000,452,608 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/01/28 20:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 20:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/05 00:35:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/22 02:10:32 | 000,225,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2008/07/10 22:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/03/25 02:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 02:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/03/25 02:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/02/22 18:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/01/20 22:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 22:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 22:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/10/18 02:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 04:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/09 15:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2625605025-3043223731-1009164332-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2625605025-3043223731-1009164332-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-2625605025-3043223731-1009164332-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2625605025-3043223731-1009164332-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2625605025-3043223731-1009164332-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "news.google.com"
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/26 13:46:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 09:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/10/24 11:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 08:31:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 14:19:42 | 000,000,000 | ---D | M]

[2009/10/09 08:10:50 | 000,000,000 | ---D | M] -- C:\Users\shioulin\AppData\Roaming\Mozilla\Extensions
[2010/10/27 07:30:26 | 000,000,000 | ---D | M] -- C:\Users\shioulin\AppData\Roaming\Mozilla\Firefox\Profiles\3kel15yz.default\extensions
[2010/04/27 07:07:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\shioulin\AppData\Roaming\Mozilla\Firefox\Profiles\3kel15yz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/11 08:46:23 | 000,000,000 | ---D | M] -- C:\Users\shioulin\AppData\Roaming\Mozilla\Firefox\Profiles\3kel15yz.default\extensions\LogMeInClient@logmein.com
[2010/10/22 10:11:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/22 10:11:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/22 10:11:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/18 22:02:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2625605025-3043223731-1009164332-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2625605025-3043223731-1009164332-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2625605025-3043223731-1009164332-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2625605025-3043223731-1009164332-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Users\shioulin\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2DAFD9F4-CC67-8374-F401-831990CD3E6D} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B05204EA-9DA4-8FB6-76E7-BE81317D671C} - Browser Customizations
ActiveX: {C5ACD981-C656-5545-ADB6-DB60D21E167A} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 21:02:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\shioulin\Desktop\OTL.exe
[2010/10/26 17:34:27 | 000,000,000 | ---D | C] -- C:\Users\shioulin\Desktop\tdsskiller
[2010/10/26 07:44:55 | 000,000,000 | ---D | C] -- C:\Users\shioulin\Documents\Classes
[2010/10/24 12:03:40 | 000,000,000 | -HSD | C] -- C:\Users\shioulin\Phone Browser
[2010/10/24 11:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/10/24 11:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/10/24 11:22:25 | 000,000,000 | ---D | C] -- C:\Users\shioulin\AppData\Roaming\vlc
[2010/10/23 14:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/22 10:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/22 10:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/22 10:11:57 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/22 10:11:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/22 10:11:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/22 10:11:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/20 22:35:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/20 22:35:19 | 000,000,000 | ---D | C] -- C:\Users\shioulin\AppData\Local\temp
[2010/10/20 22:34:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/20 22:25:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/20 07:38:55 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/10/20 07:38:53 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/18 21:51:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/18 21:51:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/18 21:51:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/18 21:51:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/18 21:50:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/18 21:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/10/18 21:10:50 | 000,000,000 | ---D | C] -- C:\Users\shioulin\AppData\Roaming\Malwarebytes
[2010/10/18 21:10:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/18 21:10:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/18 21:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/18 21:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/17 22:40:12 | 000,000,000 | ---D | C] -- C:\Users\shioulin\AppData\Local\AVG Security Toolbar
[2010/10/17 22:38:22 | 000,000,000 | ---D | C] -- C:\Users\shioulin\AppData\Roaming\AVG10
[2010/10/17 22:37:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/17 22:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/10/17 22:35:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/10/17 22:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/17 22:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/14 17:52:52 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 17:52:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/14 17:52:33 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 17:52:32 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 17:52:32 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 17:52:21 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 17:52:14 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/14 17:52:13 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/14 17:52:00 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 17:51:54 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 17:51:54 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 17:51:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/10/14 17:51:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/10/04 19:29:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/10/04 19:29:40 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/10/04 19:29:40 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/10/01 08:42:45 | 000,000,000 | ---D | C] -- C:\Users\shioulin\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/01 08:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/01 08:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/29 07:20:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2010/10/27 21:02:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\shioulin\Desktop\OTL.exe
[2010/10/27 20:04:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 20:04:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 20:04:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/27 20:04:03 | 3177,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/27 20:01:43 | 000,033,280 | ---- | M] () -- C:\Users\shioulin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 19:10:38 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/27 19:06:20 | 097,810,124 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/26 16:55:45 | 000,133,632 | ---- | M] () -- C:\Users\shioulin\Desktop\RKUnhookerLE.EXE
[2010/10/24 12:10:32 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/24 12:10:32 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/24 11:56:26 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010/10/24 11:22:13 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/23 14:19:42 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/22 10:11:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/22 10:11:49 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/22 10:11:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/22 10:11:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/21 07:29:09 | 000,412,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/20 22:25:32 | 003,881,650 | R--- | M] () -- C:\Users\shioulin\Desktop\ComboFix.exe
[2010/10/20 22:23:39 | 000,050,477 | ---- | M] () -- C:\Users\shioulin\Desktop\Defogger.exe
[2010/10/18 22:35:05 | 000,003,247 | ---- | M] () -- C:\Users\shioulin\Desktop\Attach.zip
[2010/10/18 22:32:04 | 000,544,768 | ---- | M] () -- C:\Users\shioulin\Desktop\dds.scr
[2010/10/18 22:31:24 | 000,000,000 | ---- | M] () -- C:\Users\shioulin\defogger_reenable
[2010/10/18 22:02:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/18 21:42:07 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/18 21:04:00 | 000,000,120 | ---- | M] () -- C:\Users\shioulin\AppData\Local\Yzufokaradewil.dat
[2010/10/18 07:28:45 | 000,000,000 | ---- | M] () -- C:\Users\shioulin\AppData\Local\Uyosiqusoletun.bin
[2010/10/17 13:52:15 | 000,000,000 | ---- | M] () -- C:\Users\shioulin\AppData\Local\prvlcl.dat
[2010/10/03 10:22:56 | 007,428,187 | ---- | M] () -- C:\Users\shioulin\Desktop\2011_ECoupe_Cab.pdf
[2010/10/01 08:42:43 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

========== Files Created - No Company Name ==========

[2010/10/27 19:06:20 | 097,810,124 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/26 16:55:41 | 000,133,632 | ---- | C] () -- C:\Users\shioulin\Desktop\RKUnhookerLE.EXE
[2010/10/26 13:47:06 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/24 11:56:26 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010/10/24 11:22:13 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/23 14:19:42 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/20 22:23:32 | 000,050,477 | ---- | C] () -- C:\Users\shioulin\Desktop\Defogger.exe
[2010/10/18 22:35:05 | 000,003,247 | ---- | C] () -- C:\Users\shioulin\Desktop\Attach.zip
[2010/10/18 22:32:02 | 000,544,768 | ---- | C] () -- C:\Users\shioulin\Desktop\dds.scr
[2010/10/18 22:31:24 | 000,000,000 | ---- | C] () -- C:\Users\shioulin\defogger_reenable
[2010/10/18 21:51:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/18 21:51:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/18 21:51:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/18 21:51:36 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/18 21:51:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/18 21:49:26 | 003,881,650 | R--- | C] () -- C:\Users\shioulin\Desktop\ComboFix.exe
[2010/10/18 21:42:07 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/18 07:28:45 | 000,000,120 | ---- | C] () -- C:\Users\shioulin\AppData\Local\Yzufokaradewil.dat
[2010/10/03 10:22:55 | 007,428,187 | ---- | C] () -- C:\Users\shioulin\Desktop\2011_ECoupe_Cab.pdf
[2010/10/01 08:42:43 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/25 20:03:06 | 000,000,000 | ---- | C] () -- C:\Users\shioulin\AppData\Local\Uyosiqusoletun.bin
[2010/09/24 19:23:39 | 000,033,280 | ---- | C] () -- C:\Users\shioulin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 07:17:51 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/03/13 13:30:05 | 000,000,000 | ---- | C] () -- C:\Users\shioulin\AppData\Local\prvlcl.dat
[2009/12/22 23:06:58 | 000,000,680 | ---- | C] () -- C:\Users\shioulin\AppData\Local\d3d9caps.dat
[2009/10/19 18:13:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/30 12:11:23 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/09/30 12:11:23 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/30 12:09:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/09/30 12:09:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/09/30 12:09:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/09/30 12:09:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/09/30 12:09:32 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/09/30 12:09:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/09/30 11:43:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/09/30 11:43:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/09/30 11:43:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/09/30 11:43:12 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HLP.DAT >
[2009/04/11 02:28:25 | 000,036,669 | ---- | M] () MD5=33553728083D549094EC362559777911 -- C:\Users\Public\Documents\Server\hlp.dat

< MD5 for: WININIT.EXE >
[2008/01/20 22:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/20 22:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSEH.sys
[2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSFilter.sys
[2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSShim.sys
[2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/10/18 21:42:07 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/09/06 09:45:38 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/09/06 09:45:22 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/09/06 09:45:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys

< End of report >


OTL Extras logfile created on: 10/27/2010 9:03:20 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\shioulin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 50.79 Gb Free Space | 36.85% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.64 Gb Free Space | 37.32% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.68 Gb Free Space | 46.51% Space Free | Partition Type: NTFS

Computer Name: SHIOULIN-PC | User Name: shioulin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2625605025-3043223731-1009164332-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03295792-CB8C-47A6-AA46-43F0AE2F00BA}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{2CF77E8F-0B80-43E4-AD79-E0A90D0266E1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E574091-0E01-4F85-B627-9131411D81C4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{4A6A3093-7A89-4AE5-A017-BEADD51A702A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5150B717-7EEB-4420-9E12-80F13338EB57}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{5510F5F4-A9FD-4B03-97DE-4F511EE61AC7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{5EDFD20F-A19C-4EDB-8841-4CD84F77F7D9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{693E933E-8EDB-4A39-9B97-24D277D8A51D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{69F86D2C-0608-4BFE-A284-DDAA327EA683}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8531C997-2261-4341-92A8-D8CB7429DE3B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D4C425E-95D7-49F6-9EAB-3FB51C042309}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{B7296651-E4A5-4738-9A73-F337EC8CE320}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{B9D941E0-D644-4519-A214-97ABCF25A8C3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{BBBBD130-2FBD-42C5-BA9A-9CCAA5C3E363}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CCB10290-D6E7-4205-A433-59E5F05E9887}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{DCBEB76B-98C8-41E5-B943-D6587BFE12C7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E6F156A8-FA62-41A3-B491-1B82413EE1D4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F5829D14-2483-40B6-B6C3-083AC31781D5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"TCP Query User{DA250640-31B9-4687-B796-47A1D17BB672}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{ADED7DFC-E54B-41BF-8975-F236B8AF199E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{05AC4CE9-8846-49E1-9169-6E791ED9A9FC}" = Mobile Broadband Connect
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{09A84D86-C709-4825-9548-ACF4838D478D}" = Intel® PROSet/Wireless WiFi Software
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3D717E8B-7AF0-4FDF-87FA-6C5797A1B995}" = Roxio Creator Business Edition
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Lenovo Central Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D22E6706-136E-4810-AF2E-359AE30A7323}" = ThinkVantage Status Gadget
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"25A4FC9EFE7A8860FCF6F86FFABDD9334A2619E3" = Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"3EB6CB625B5778835F0A66A7529E69050E0EE033" = Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AVG" = AVG 2011
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Nokia PC Suite" = Nokia PC Suite
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo System Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2625605025-3043223731-1009164332-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2010 9:41:24 PM | Computer Name = shioulin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 80434

Error - 10/26/2010 9:41:24 PM | Computer Name = shioulin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 80434

Error - 10/26/2010 9:41:25 PM | Computer Name = shioulin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/26/2010 9:41:25 PM | Computer Name = shioulin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 81650

Error - 10/26/2010 9:41:25 PM | Computer Name = shioulin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 81650

Error - 10/26/2010 9:54:42 PM | Computer Name = shioulin-PC | Source = EventSystem | ID = 4621
Description =

Error - 10/27/2010 7:20:02 AM | Computer Name = shioulin-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/27/2010 7:02:35 PM | Computer Name = shioulin-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/27/2010 8:03:00 PM | Computer Name = shioulin-PC | Source = EventSystem | ID = 4621
Description =

Error - 10/27/2010 8:04:24 PM | Computer Name = shioulin-PC | Source = WinMgmt | ID = 10
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 5/9/2010 5:55:09 PM | Computer Name = shioulin-PC | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 9/14/2010 10:27:08 AM | Computer Name = shioulin-PC | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

[ System Events ]
Error - 10/27/2010 7:02:35 PM | Computer Name = shioulin-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 10/27/2010 7:02:37 PM | Computer Name = shioulin-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/27/2010 7:04:45 PM | Computer Name = shioulin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/27/2010 7:07:16 PM | Computer Name = shioulin-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 10/27/2010 7:07:52 PM | Computer Name = shioulin-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 10/27/2010 7:45:16 PM | Computer Name = shioulin-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/27/2010 8:04:24 PM | Computer Name = shioulin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/27/2010 8:04:24 PM | Computer Name = shioulin-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 10/27/2010 8:04:25 PM | Computer Name = shioulin-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/27/2010 8:06:26 PM | Computer Name = shioulin-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:37 PM

Posted 28 October 2010 - 06:35 AM

Hi,

please download a fresh copy of ComboFix and run a new scan with it.

Please also run this scan with OTL:
Please run OTL again and use the following settings:
  • Check Scan All Users.
  • For Processes choose none.
  • For Modules choose none.
  • For Services choose none.
  • For Drivers choose none.
  • For Standard Registry choose none.
  • For Extra Registry choose none.
  • For Files Created Within choose none.
  • For Files Modified Within choose none.
  • Under Custom Scans/Fixes paste:
    /md5start
    iexplore.exe
    firefox.exe
    /md5stop
    
  • Finally hit Run Scan and wait for the log to open.
  • Please post the content of the log into your next reply.

regards _temp_

regards myrti

Edited by myrti, 28 October 2010 - 06:37 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 qs1234

qs1234
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 29 October 2010 - 06:19 AM

Hi,

OTL rerun - log follows. Combofix log is attached - I still have combofix on the computer, so just downloaded a new version when prompted.

Thanks!

OTL logfile created on: 10/28/2010 9:38:18 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\shioulin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 48.75 Gb Free Space | 35.38% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.64 Gb Free Space | 37.32% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.68 Gb Free Space | 46.51% Space Free | Partition Type: NTFS

Computer Name: SHIOULIN-PC | User Name: shioulin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: FIREFOX.EXE >
[2010/10/20 08:31:09 | 000,912,344 | ---- | M] (Mozilla Corporation) MD5=85D3F698DA0A6A28AE2A08E984CB0AC9 -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/10/20 08:31:09 | 000,912,344 | ---- | M] (Mozilla Corporation) MD5=85D3F698DA0A6A28AE2A08E984CB0AC9 -- C:\Windows\ERDNT\cache\firefox.exe

< MD5 for: IEXPLORE.EXE >
[2010/09/08 13:30:52 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=02FF22F3AF0108DA2A563ABC9867049F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18527_none_2f536bb51a085bcf\iexplore.exe
[2009/10/27 09:11:33 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=03EF289E8F82CBC4E492658864C7C51A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22550_none_2fb594d03344a0e4\iexplore.exe
[2009/12/18 08:28:58 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=115076DAD84312F3A51698C15BC39D39 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21184_none_2db2bdca3632ff3d\iexplore.exe
[2009/07/18 08:16:49 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D5A01AA2DE47C052AF46D7EBCB003A3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[2009/07/18 17:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D8163DBFECAEDB9C48C5F55084BC491 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[2009/09/30 11:47:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1F44940EF1D07D0BDAF80E55853DFBD0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[2010/03/09 12:56:18 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=259E27152180B895DF395ED3E412B90E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\iexplore.exe
[2010/05/04 14:56:53 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=29A7F81290165264010B784A7D217561 -- C:\Windows\SoftwareDistribution\Download\41e352bf530f83fc2b62300d85d6fb42\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18470_none_2f16582d1a3738fc\iexplore.exe
[2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\ERDNT\cache\iexplore.exe
[2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2010/09/09 11:50:19 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=3EF3476EF687FE18856A6148C6082452 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22760_none_2faac8b0334cb723\iexplore.exe
[2010/05/04 14:31:09 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=424CEA5CB5999B2A6A3ED643EA20C97F -- C:\Windows\SoftwareDistribution\Download\41e352bf530f83fc2b62300d85d6fb42\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22685_none_2f9a286433587091\iexplore.exe
[2009/10/27 11:11:10 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=4F9B04D546C23A295F3F0AE015BE51DB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\iexplore.exe
[2008/01/20 22:33:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2010/03/11 12:40:22 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=67C769016A79E6FC65D1755E5D6ADAB3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22653_none_2fb897943341ea10\iexplore.exe
[2009/12/18 11:42:45 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=6C8AC3469BBEFE194BB18B2D84D98252 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18385_none_2f1087cd1a3ad679\iexplore.exe
[2010/03/09 12:30:03 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=74E60C93D1C9A40354D839776CCF53DF -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18444_none_2f3ac9191a1b4a85\iexplore.exe
[2009/10/27 09:24:29 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=79B60CC26404F8FC2B351A7551D93C17 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18349_none_2f3fc8a51a16cc11\iexplore.exe
[2009/07/18 08:16:45 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=7FCF4E704A48D95202F3E7A1E1A21412 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[2009/10/27 09:22:34 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=80675329E0FD54F016C4F8A83C616349 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21148_none_2de1fea2360ef4d5\iexplore.exe
[2010/06/28 12:33:13 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=867D06F3C473F65921F5EDF35866FF14 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22720_none_2fd60860332c475f\iexplore.exe
[2010/03/09 12:32:31 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=97496AA4590CB101EF990060F7055F3D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21242_none_2ddbfecc361459f2\iexplore.exe
[2009/08/27 10:04:53 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=9E45866CD349219784CD5A7620DBEB8A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\iexplore.exe
[2009/08/27 09:43:41 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=A76AFC309AA55CD607A28AC41C7D7603 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21116_none_2e006dd235f86e54\iexplore.exe
[2010/06/28 12:19:40 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B6D7D54B736056991109F169737592C7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18498_none_2f08baa51a403b96\iexplore.exe
[2009/08/27 09:38:13 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=BBF84F317553520BB78AEF7B047325C1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18319_none_2f60386919fe783e\iexplore.exe
[2009/12/18 08:56:05 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=C071905121F6DE5F399550FC70138FEC -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16982_none_2d2748491d16f983\iexplore.exe
[2009/09/30 11:47:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[2009/09/30 11:47:37 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[2009/07/18 07:55:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=EBEE9E4421F35CD861107DDA0266FBB1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[2009/09/30 11:47:37 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F294D8EEB05C835EC44A12CE0A1DFE7A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
[2009/12/18 08:27:08 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F47755101C622AF18EE669ECEB3A97AD -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22585_none_2f9a267e3358736a\iexplore.exe
[2009/08/27 09:19:25 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=FE2DFF83B7753AC47C553EF7D5289BEE -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22508_none_2ff3a6bc3314dfe7\iexplore.exe

< End of report >

Attached Files



#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:37 PM

Posted 01 November 2010 - 07:24 AM

Hi,

this is looking good. Have you eben getting any more detections lately?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 qs1234

qs1234
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 01 November 2010 - 08:01 AM

Hi Myrti,

No detections lately. I've been running MBAM regularly and all scans have been coming back clean. AVG is also not finding anything. Am I in the clear? I'm paranoid :)

#9 qs1234

qs1234
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 01 November 2010 - 08:08 AM

How should I prevent re-infection via downloading files through sites like megaupload?

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:37 PM

Posted 01 November 2010 - 08:49 AM

Hi,

ideally I would say stop downloading files, especially since most of these downloads aren't exactly legal in the first place. If you download those illegal files, there is nothing that can save you from reinfection, since you yourself will be granting those files full permissions to be executed on your PC.

If you have to go there and download files, make sure that 1) all the software on your PC is up to date and 2) that all the files you download are what they say they are and not fake.

Please run an online scan next:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 qs1234

qs1234
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 03 November 2010 - 06:21 AM

Please see below - thanks!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 3, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 02, 2010 09:24:58
Records in database: 4202672
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
G:\
Q:\
S:\

Scan statistics:
Objects scanned: 252806
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 03:12:16


File name / Threat / Threats count
C:\Users\shioulin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7845b2d2-4e03d564 Infected: Exploit.Java.Agent.f 1
C:\Users\shioulin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1f3f8202-40fe8775 Infected: Exploit.Java.Agent.f 1
C:\Users\shioulin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5b3d5486-217eb2e5 Infected: Exploit.Java.Agent.f 1
C:\Users\shioulin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\384ba27d-2f0d1dfe Infected: Exploit.Java.Agent.du 1

Selected area has been scanned.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:37 PM

Posted 03 November 2010 - 08:03 AM

Hi,

please update your java next:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your logs are looking clean, unless you ahve more questions, I think we are almost done.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 qs1234

qs1234
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 03 November 2010 - 08:17 PM

Hi,

I removed and Java as instructed. Also cleared the deployment cache (not sure if that's required)
I'm assuming I'm clear? Thank you so much for your help!

Hi,

Sorry - I meant to say that I removed and reinstalled as instructed...

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:37 PM

Posted 04 November 2010 - 02:55 AM

I think we're done then! :)

All that is left to do is to remove the programs we used:
Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
  • Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      Posted Image
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on Posted Image
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If OTC faild to remove all programs from your Desktop, please delete the rest manually.
Please read these advices, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:Have a nice day
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 qs1234

qs1234
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 05 November 2010 - 11:00 AM

Hi,

Both combofix and OTL are uninstalled. I also have RKUnhooker, can I just delete it from my desktop?

Thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users