cscript.exe - Bad Image , scrobj.dll is not designed to run on window


  • This topic is locked
32 replies to this topic

#1 minde

Posted 22 February 2011 - 05:15 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic380038.html ~ OB

Hi, I'm running Windows 7 32-bit, 3.06 GHz with 4 GB RAM. I'm facing various problems.

1) There are error pop-ups stating 'cscript.exe - Bad Image , scrobj.dll is not designed to run on window'
2) When opening Device Manager, 'mmc.exe is not a valid win32 app' pops up
3) Similarly, when I try to open Services in Administrative Tools, the same error pops up.
4) I get an error that my printer driver is not a valid win32 application
5) iTunes could not identify my iPhone even with a beep sound
6) Creative software cannot detect my USB Sound Blaster stick even with a beep sound
7) Windows cannot read the SD card although there's a beep sound
8) Could not remove old Epson printer driver
9) Failed installation of Windows 7 Service Pack 1 and also IE 9 installation

Hope you guys can help. Thanks!


DDS (Ver_10-12-12.02) - NTFSx86
Run by Chang Min De at 21:21:57.39 on 22-Feb-11
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.936.86.1033.18.3037.1560 [GMT 0:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\STacSV.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\aestsrv.exe
C:\Program Files\AirPrint\Airprint.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\sppsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Chang Min De\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: ??à×á÷??ì?ì?2aIE?§3?: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDMediaDetector5.9.26.1538.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ??à×í?ò3í????ˉàà?÷IE?§3?: {2d90d33c-de76-42d0-9040-e4466ddc24ac} - c:\program files\thunder network\thunder\program\EmbedDetectNow.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [FAStartup]
mRun: [<NO NAME>]
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: ????3??
IE: ????3??????
IE: ??????
IE: ????????
IE: ??????????
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: 使用快车3下载 - c:\users\chang min de\appdata\roaming\flashgetbho\GetUrl.htm
IE: 使用快车3下载全部链接 - c:\users\chang min de\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: 使用迅雷查看图片 - c:\program files\thunder network\thunder\program\repairimage.htm
IE: {548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files\thunder network\thunder\program\repairimage.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: ACAPTUSER32.DLL c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\KLOEHK.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\changm~1\appdata\roaming\mozilla\firefox\profiles\009isbxn.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.ftp - 91.103.185.182
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 91.103.185.182
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 91.103.185.182
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 91.103.185.182
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 91.103.185.182
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\users\chang min de\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(13).dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\chang min de\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 7\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Fasterfox: {c36177c0-224a-11da-8cd6-0800200c9a91} - %profile%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\chang min de\appdata\roaming\idm\idmmzcc3

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-21 64288]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-1-5 53816]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R1 RapportCerberus_22705;RapportCerberus_22705;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus_22705.sys [2011-1-5 47928]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-1-5 63160]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-1-5 156344]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9334b3396d450a95\AEstSrv.exe [2011-1-18 81920]
R2 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -s --> c:\program files\airprint\Airprint.exe -s [?]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-21 176128]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-2-1 85768]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-1-18 47640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-1-5 821048]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-26 29472]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-3-9 56320]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-7-30 343592]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-11-25 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-11-25 280096]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\21923\RapportIaso.sys [2011-1-15 12928]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-8 135664]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-9-30 8192]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1405384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BusRMUSB;Remote USB Bus;c:\windows\system32\drivers\BusRMUSB.sys [2009-12-16 44544]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-1-19 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-2-22 79360]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 232832]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2009-12-14 32377]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-15 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]

=============== Created Last 30 ================

2011-02-22 21:05:27 90112 ------w- c:\windows\Updreg.EXE
2011-02-22 21:05:14 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-02-22 21:04:24 2630 ----a-w- c:\windows\MixerName.reg
2011-02-22 21:04:24 23292 ----a-w- c:\windows\ksaudENG.reg
2011-02-22 10:20:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-22 10:19:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-22 02:52:03 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{67df5c6f-b8c9-4829-9d3a-201c669517e2}\mpengine.dll
2011-02-18 03:34:20 -------- d-----w- c:\users\chang min de\DoctorWeb
2011-02-17 15:45:17 -------- d-----w- c:\users\changm~1\appdata\roaming\Malwarebytes
2011-02-17 15:45:10 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-17 15:45:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-17 15:00:27 -------- d-----w- C:\ComboFix
2011-02-16 10:34:39 -------- d-----w- c:\program files\Feedback Tool
2011-02-10 03:05:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-02-10 03:05:10 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-10 03:05:10 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-09 15:10:14 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 15:10:14 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 15:10:13 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 15:10:11 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 15:10:09 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 15:10:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 15:10:06 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 15:09:55 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-09 15:09:55 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-02-09 15:09:54 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-09 15:09:54 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-09 15:09:54 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-09 15:09:54 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-09 15:09:54 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-09 15:09:54 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-09 15:09:54 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-09 15:09:50 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-06 19:24:33 2594584 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2011-02-06 19:24:11 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2011-02-06 19:24:08 710976 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2011-02-01 14:37:03 85768 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-01-31 21:58:09 -------- d-----w- c:\program files\iPod

==================== Find3M ====================

2011-02-22 21:04:17 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-22 21:04:17 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-23 20:18:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-21 15:43:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-01-20 22:51:48 102400 ----a-w- c:\windows\RegBootClean.exe
2010-12-25 06:58:25 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-24 20:45:25 256 ----a-w- C:\pool.bin
2010-12-24 20:44:46 256 ----a-w- c:\windows\system32\pool.bin
2010-12-08 13:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 13:11:54 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 13:11:46 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-08 13:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-11-29 09:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 09:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2006-05-03 11:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll

============= FINISH: 21:22:58.77 ===============

Edited by minde, 23 February 2011 - 09:00 AM.



#2 m0le

Posted 27 February 2011 - 09:21 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 minde

Posted 28 February 2011 - 04:56 AM

Hey, thanks for the reply. Unfortunately, I did an unsupervised scan using SUPERAntiSpyware and fixed a few registry malware entries. Do I need to repost a new log? I do apologize for the inconvenience.

#4 m0le

Posted 28 February 2011 - 02:55 PM

Yes, please run OTL to rescan the computer.

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Under the Standard Registry box, change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#5 minde

Posted 28 February 2011 - 06:22 PM

OTL logfile created on: 28-Feb-11 11:05:12 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Chang Min De\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.62 Gb Total Space | 227.33 Gb Free Space | 48.82% Space Free | Partition Type: NTFS

Computer Name: CHANGMINDE | User Name: Chang Min De | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chang Min De\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\AirPrint\airprint.exe (Apple Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Wi-Fi Sync\wifisync.exe ()
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Dell Support Center\gs_agent\dsc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\Chang Min De\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Internet Download Manager\idmmkb.dll (Tonec Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (AirPrint) -- C:\Program Files\AirPrint\Airprint.exe (Apple Inc.)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\stacsv.exe (IDT, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (RapportIaso) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\21923\RapportIaso.sys (Trusteer Ltd.)
DRV - (RapportCerberus_22705) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_22705.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (NETw5s32) Intel® -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (ksaud) -- C:\Windows\System32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (FACAP) -- C:\Windows\System32\drivers\facap.sys (Sensible Vision )
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (BusRMUSB) -- C:\Windows\System32\drivers\BusRMUSB.sys (Windows ® Codename Longhorn DDK provider)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (PRODIGY) -- C:\Windows\System32\drivers\prodigy.sys (B-phreaks)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC CA F3 B7 FF 6D CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..network.proxy.backup.ftp: "24.222.241.206"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "24.222.241.206"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "24.222.241.206"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "24.222.241.206"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "91.103.185.182"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "91.103.185.182"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "91.103.185.182"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "91.103.185.182"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "91.103.185.182"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-02-26 03:52:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-02-26 03:52:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011-02-26 03:52:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011-02-26 03:52:16 | 000,000,000 | ---D | M]

[2009-11-21 01:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chang Min De\AppData\Roaming\Mozilla\Extensions
[2009-11-21 01:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chang Min De\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011-02-27 19:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chang Min De\AppData\Roaming\Mozilla\Firefox\Profiles\009isbxn.default\extensions
[2011-02-26 03:59:21 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Chang Min De\AppData\Roaming\Mozilla\Firefox\Profiles\009isbxn.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011-02-26 03:59:21 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Chang Min De\AppData\Roaming\Mozilla\Firefox\Profiles\009isbxn.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011-02-26 03:59:22 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Users\Chang Min De\AppData\Roaming\Mozilla\Firefox\Profiles\009isbxn.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2011-02-26 03:59:22 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Chang Min De\AppData\Roaming\Mozilla\Firefox\Profiles\009isbxn.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2011-02-27 19:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-02-26 03:52:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011-02-26 03:52:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011-02-26 03:52:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2011-02-26 03:52:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011-02-26 03:52:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-02-26 03:52:37 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011-02-26 03:52:37 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011-02-26 03:59:12 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\CHANG MIN DE\APPDATA\ROAMING\IDM\IDMMZCC3
[2010-12-12 18:00:19 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010-12-12 18:00:19 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006-06-15 20:33:58 | 000,233,472 | ---- | M] (C3D) -- C:\Program Files\Mozilla Firefox\plugins\CrazyTalk4Native.dll
[2006-05-25 18:43:32 | 000,204,895 | ---- | M] (Reallusion Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctdomemhelper.dll
[2005-09-29 14:41:38 | 000,077,824 | ---- | M] (Reallusion Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctframeplayerobject.dll
[2006-06-19 13:10:42 | 000,426,081 | ---- | M] (Reallusion Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctplayerobject.dll
[2005-02-02 12:19:12 | 000,458,752 | ---- | M] (BEXTech) -- C:\Program Files\Mozilla Firefox\plugins\imagickrt.dll
[2007-04-10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010-07-17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-12-12 18:00:22 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008-06-11 22:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010-12-20 12:54:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010-12-20 12:54:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010-12-20 12:54:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010-12-20 12:54:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010-12-20 12:54:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010-12-20 12:54:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010-12-20 12:54:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006-01-03 16:00:40 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll
[2009-11-06 09:20:16 | 000,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2006-04-10 18:35:38 | 000,139,264 | ---- | M] (Reallusion Inc.) -- C:\Program Files\Mozilla Firefox\plugins\rlcontentclass.dll
[2005-11-09 11:10:06 | 000,204,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\RLMusicPacker.dll
[2005-11-09 11:42:52 | 000,106,496 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\RLMusicUnpacker.dll
[2006-01-04 11:22:00 | 000,212,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\RLVoicePacker.dll
[2006-01-04 11:21:44 | 000,167,936 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\RLVoiceUnpacker.dll
[2010-04-04 10:55:02 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010-04-04 10:55:02 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010-04-04 10:55:02 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010-04-04 10:55:02 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010-04-04 10:55:02 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010-04-04 10:55:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010-04-04 10:55:02 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011-02-22 12:52:44 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Ѹý̽IE֧) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.26.1538.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ѸҳͼƬIE֧) - {2D90D33C-DE76-42D0-9040-E4466DDC24AC} - C:\Program Files\Thunder Network\Thunder\Program\EmbedDetectNow.dll (Xunlei)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Wi-Fi Sync] C:\Program Files\Wi-Fi Sync\wifisync.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Chang Min De\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Chang Min De\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm ()
O8 - Extra context menu item: 使用迅雷查看图片 - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra 'Tools' menuitem : 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (ACAPTUSER32.DLL) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\MZVKBD3.DLL) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\KLOEHK.DLL) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{00f5eaf8-9e0d-11df-9b32-002219fd0470}\Shell - "" = AutoRun
O33 - MountPoints2\{00f5eaf8-9e0d-11df-9b32-002219fd0470}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b4c9495d-13ca-11df-bb40-002219fd0470}\Shell - "" = AutoRun
O33 - MountPoints2\{b4c9495d-13ca-11df-bb40-002219fd0470}\Shell\AutoRun\command - "" = G:\RunMe.exe
O33 - MountPoints2\{f9ffec47-0a5c-11df-b82c-002219fd0470}\Shell - "" = AutoRun
O33 - MountPoints2\{f9ffec47-0a5c-11df-b82c-002219fd0470}\Shell\AutoRun\command - "" = E:\iStudio.exe
O33 - MountPoints2\{fe1bec66-1484-11e0-8557-002556d97e13}\Shell - "" = AutoRun
O33 - MountPoints2\{fe1bec66-1484-11e0-8557-002556d97e13}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fe1bec73-1484-11e0-8557-002556d97e13}\Shell - "" = AutoRun
O33 - MountPoints2\{fe1bec73-1484-11e0-8557-002556d97e13}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-02-28 23:03:12 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Chang Min De\Desktop\OTL.exe
[2011-02-25 21:04:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-02-25 15:18:54 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS
[2011-02-25 01:07:46 | 000,000,000 | ---D | C] -- C:\Users\Chang Min De\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-Fi Sync
[2011-02-23 15:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011-02-23 13:39:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011-02-23 13:39:08 | 000,000,000 | ---D | C] -- C:\5e3d6fe7e69a64685c0ce0d35eadec
[2011-02-23 12:45:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011-02-23 12:45:49 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011-02-23 01:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2011-02-23 01:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2011-02-23 00:26:11 | 000,000,000 | ---D | C] -- C:\Users\Chang Min De\AppData\Roaming\SUPERAntiSpyware.com
[2011-02-23 00:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011-02-23 00:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011-02-23 00:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011-02-22 21:05:27 | 000,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\Updreg.EXE
[2011-02-22 21:04:26 | 000,806,272 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\ksaud.sys
[2011-02-22 21:04:26 | 000,600,402 | ---- | C] (Creative Technology Ltd) -- C:\Windows\KSAIM32.exe
[2011-02-22 21:04:26 | 000,507,392 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\KSAPO32.dll
[2011-02-22 21:04:26 | 000,327,680 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\JDetect.exe
[2011-02-22 21:04:26 | 000,186,880 | ---- | C] (Creative Technology Limited) -- C:\Windows\System32\KsDvInst.dll
[2011-02-22 21:04:26 | 000,164,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\KSVSPI32.dll
[2011-02-22 21:04:26 | 000,098,816 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\SBAVMon.dll
[2011-02-22 21:04:26 | 000,047,104 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\KSPPLD32.dll
[2011-02-22 10:20:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-02-22 10:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-02-22 10:19:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-02-18 03:34:20 | 000,000,000 | ---D | C] -- C:\Users\Chang Min De\DoctorWeb
[2011-02-17 15:45:17 | 000,000,000 | ---D | C] -- C:\Users\Chang Min De\AppData\Roaming\Malwarebytes
[2011-02-17 15:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-02-17 15:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-02-17 15:00:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-02-17 15:00:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011-02-17 15:00:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-02-16 10:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2011-02-12 14:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011-02-10 03:05:36 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011-02-10 03:05:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-02-10 03:05:10 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-02-10 03:05:10 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011-02-09 15:10:14 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011-02-09 15:10:13 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011-02-09 15:10:11 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011-02-09 15:10:06 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011-02-09 15:10:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011-02-09 15:09:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011-02-09 15:09:54 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011-02-09 15:09:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011-02-09 15:09:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011-02-09 15:09:50 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011-02-02 00:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPStream
[2011-02-01 14:37:03 | 000,085,768 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2011-01-31 21:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011-01-31 21:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-01-31 21:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011-01-31 00:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-02-28 23:08:38 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-28 23:08:38 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-28 23:03:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Chang Min De\Desktop\OTL.exe
[2011-02-28 23:00:08 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-02-28 22:59:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-28 22:59:43 | 2388,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-28 22:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-28 22:43:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3647009739-2770278754-2313620513-1000UA.job
[2011-02-27 23:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3647009739-2770278754-2313620513-1000Core.job
[2011-02-27 23:19:43 | 576,483,328 | ---- | M] () -- C:\Users\Chang Min De\Desktop\top.gear.s16e06.hdtv.xvid-bia.avi
[2011-02-25 15:23:55 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$
[2011-02-25 15:17:33 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011-02-25 15:17:33 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011-02-24 18:11:48 | 035,762,928 | ---- | M] () -- C:\Users\Chang Min De\Desktop\TEN YEAR FINAL.wav
[2011-02-24 01:06:05 | 000,626,098 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-02-24 01:06:05 | 000,380,774 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2011-02-24 01:06:05 | 000,364,672 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2011-02-24 01:06:05 | 000,112,166 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-02-24 01:06:05 | 000,105,092 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2011-02-24 01:06:05 | 000,100,178 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2011-02-23 00:26:06 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-02-22 22:38:10 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011-02-22 21:14:38 | 000,624,128 | ---- | M] () -- C:\Users\Chang Min De\Desktop\dds.scr
[2011-02-22 21:14:18 | 000,050,477 | ---- | M] () -- C:\Users\Chang Min De\Desktop\Defogger.exe
[2011-02-22 21:04:59 | 000,000,214 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011-02-22 21:04:17 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011-02-22 21:04:17 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011-02-22 12:52:44 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011-02-22 10:20:01 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-02-22 01:37:29 | 000,135,101 | ---- | M] () -- C:\Users\Chang Min De\Desktop\QM_CW_March11.pdf
[2011-02-10 04:26:37 | 004,109,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-02-03 05:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011-02-02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011-02-02 00:31:41 | 000,000,995 | ---- | M] () -- C:\Users\Chang Min De\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2011-02-02 00:31:41 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\PPS影音.lnk
[2011-02-01 14:01:54 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-01-31 21:52:29 | 000,002,503 | ---- | M] () -- C:\Users\Chang Min De\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011-01-31 00:26:43 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-02-27 23:39:36 | 576,483,328 | ---- | C] () -- C:\Users\Chang Min De\Desktop\top.gear.s16e06.hdtv.xvid-bia.avi
[2011-02-25 20:03:17 | 2388,279,296 | -HS- | C] () -- C:\hiberfil.sys
[2011-02-25 15:23:55 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
[2011-02-24 18:11:18 | 035,762,928 | ---- | C] () -- C:\Users\Chang Min De\Desktop\TEN YEAR FINAL.wav
[2011-02-23 13:17:35 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011-02-23 13:17:35 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011-02-23 00:26:06 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-02-22 21:23:38 | 000,296,448 | ---- | C] () -- C:\Users\Chang Min De\Desktop\gmer.exe
[2011-02-22 21:14:35 | 000,624,128 | ---- | C] () -- C:\Users\Chang Min De\Desktop\dds.scr
[2011-02-22 21:14:18 | 000,050,477 | ---- | C] () -- C:\Users\Chang Min De\Desktop\Defogger.exe
[2011-02-22 21:05:14 | 000,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2011-02-22 21:04:34 | 000,033,327 | ---- | C] () -- C:\Windows\System32\kschimp.ini
[2011-02-22 21:04:26 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2011-02-22 21:04:26 | 000,008,096 | ---- | C] () -- C:\Windows\System32\MixerDefault.reg
[2011-02-22 21:04:26 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini
[2011-02-22 21:04:26 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini
[2011-02-22 21:04:26 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini
[2011-02-22 21:04:26 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini
[2011-02-22 21:04:26 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini
[2011-02-22 21:04:26 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini
[2011-02-22 21:04:26 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini
[2011-02-22 21:04:26 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini
[2011-02-22 21:04:26 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini
[2011-02-22 21:04:26 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini
[2011-02-22 21:04:24 | 000,023,292 | ---- | C] () -- C:\Windows\ksaudENG.reg
[2011-02-22 21:04:24 | 000,002,630 | ---- | C] () -- C:\Windows\MixerName.reg
[2011-02-22 10:30:25 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011-02-22 10:20:01 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-02-22 01:37:26 | 000,135,101 | ---- | C] () -- C:\Users\Chang Min De\Desktop\QM_CW_March11.pdf
[2011-02-02 00:31:41 | 000,000,995 | ---- | C] () -- C:\Users\Chang Min De\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2011-02-02 00:31:41 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\PPS影音.lnk
[2011-01-31 21:59:00 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-01-31 21:52:29 | 000,002,503 | ---- | C] () -- C:\Users\Chang Min De\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011-01-31 21:52:29 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011-01-31 00:26:43 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011-01-20 22:51:48 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011-01-19 01:42:45 | 000,108,544 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011-01-19 01:42:45 | 000,069,120 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011-01-11 08:33:44 | 000,000,455 | ---- | C] () -- C:\Windows\trview.ini
[2010-12-24 20:13:47 | 000,000,079 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010-11-23 10:59:56 | 000,173,164 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010-11-23 10:59:56 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2010-09-30 00:44:55 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010-09-28 23:19:41 | 000,000,036 | ---- | C] () -- C:\Users\Chang Min De\AppData\Local\housecall.guid.cache
[2010-09-28 15:44:52 | 000,041,984 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys
[2010-08-11 13:28:24 | 000,000,452 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010-08-03 01:48:55 | 000,000,600 | ---- | C] () -- C:\Users\Chang Min De\AppData\Roaming\winscp.rnd
[2010-07-04 04:57:05 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010-06-27 22:31:47 | 000,148,240 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010-06-24 02:17:05 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010-06-23 15:34:25 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010-06-23 15:34:25 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010-06-23 15:34:25 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010-06-23 15:34:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010-06-23 15:34:25 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010-06-23 15:34:25 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010-06-23 15:34:25 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010-06-23 15:34:25 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010-06-23 15:34:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010-06-23 15:34:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010-06-23 15:34:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010-06-23 15:34:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010-06-23 15:34:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010-06-23 15:34:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010-06-23 15:34:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010-06-23 15:34:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010-06-23 15:34:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010-06-23 15:34:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010-06-23 15:34:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010-04-28 21:17:50 | 000,002,110 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010-04-28 14:54:10 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2010-03-13 15:00:41 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010-01-21 22:07:34 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009-12-16 18:27:37 | 000,125,440 | ---- | C] () -- C:\Windows\PsMon.exe
[2009-12-16 18:27:37 | 000,008,704 | ---- | C] () -- C:\Windows\rmubcntl.dll
[2009-12-16 18:27:37 | 000,007,680 | ---- | C] () -- C:\Windows\cvnet05.dll
[2009-12-16 18:27:37 | 000,000,212 | ---- | C] () -- C:\Windows\PsLink.ini
[2009-12-10 20:43:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009-12-08 15:59:13 | 000,129,797 | ---- | C] () -- C:\Windows\hpoins36.dat.temp
[2009-11-28 11:06:15 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2009-11-28 11:06:15 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2009-11-23 22:35:55 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009-11-23 22:35:55 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009-11-23 22:35:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009-11-23 20:53:59 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2009-11-22 01:08:30 | 000,007,653 | ---- | C] () -- C:\Users\Chang Min De\AppData\Local\resmon.resmoncfg
[2009-11-21 01:26:48 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009-11-21 01:24:37 | 000,380,774 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
[2009-11-21 01:24:37 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
[2009-11-21 01:24:37 | 000,100,178 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
[2009-11-21 01:24:37 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
[2009-11-21 01:18:14 | 000,364,672 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2009-11-21 01:18:14 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2009-11-21 01:18:14 | 000,105,092 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2009-11-21 01:18:14 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2009-11-21 00:58:04 | 000,000,467 | ---- | C] () -- C:\Users\Chang Min De\AppData\Local\Win7_Upgrade.bat
[2009-11-21 00:47:48 | 000,002,763 | ---- | C] () -- C:\Users\Chang Min De\AppData\Local\Win7_tmp1.htm
[2009-11-21 00:23:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-09-09 11:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009-07-14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:33:53 | 004,109,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 02:05:48 | 000,626,098 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 02:05:48 | 000,112,166 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 00:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009-07-14 00:07:04 | 000,138,240 | ---- | C] () -- C:\Windows\System32\PortableDeviceWiaCompat.dll
[2009-07-13 23:57:28 | 000,077,824 | ---- | C] () -- C:\Windows\System32\taskkill.exe
[2009-07-13 23:57:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\tasklist.exe
[2009-07-13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-13 23:42:43 | 000,173,568 | ---- | C] () -- C:\Windows\System32\scrobj.dll
[2009-07-13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-13 23:32:18 | 001,401,344 | ---- | C] () -- C:\Windows\System32\mmc.exe
[2009-07-13 23:28:02 | 001,036,800 | ---- | C] () -- C:\Windows\System32\d3d8.dll
[2009-07-13 23:12:46 | 000,098,816 | ---- | C] () -- C:\Windows\System32\makecab.exe
[2009-06-10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009-02-18 17:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009-02-03 20:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[1996-04-03 19:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011-02-26 03:58:58 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\BITS
[2009-12-14 00:47:30 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Blackberry Desktop
[2010-09-29 12:43:17 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Cakewalk
[2010-12-07 09:11:10 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Canon
[2011-02-26 03:59:06 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\DAEMON Tools Lite
[2011-02-26 03:59:06 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\DAEMON Tools Pro
[2010-12-17 14:46:33 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\DeviceDoctorSoftware
[2011-02-28 22:58:42 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\DMCache
[2010-11-17 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Epson
[2010-03-13 14:59:15 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\FlashGet
[2011-02-26 03:59:06 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\FlashGetBHO
[2010-03-04 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\GARMIN
[2011-02-26 03:59:10 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\GetRightToGo
[2011-02-26 03:59:10 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\HandBrake
[2011-01-07 12:25:41 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Hobbyist Software
[2011-02-26 03:59:10 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\IDM
[2010-07-25 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Imagomat
[2010-09-26 00:33:06 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\ImTOO Software Studio
[2010-01-06 10:04:48 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Leadertech
[2009-11-23 22:40:04 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Maple
[2009-12-14 06:09:04 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Nokia
[2010-06-05 18:42:21 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\NVD
[2009-12-14 06:09:11 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\PC Suite
[2010-11-20 18:44:35 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\PCDr
[2011-02-05 01:03:42 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\PPStream
[2009-11-25 10:41:06 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Research In Motion
[2011-02-26 03:59:29 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\SoftGrid Client
[2010-12-17 14:32:16 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009-11-25 23:50:55 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\tmp
[2010-06-05 17:32:07 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\TP
[2010-01-30 15:37:41 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Trusteer
[2010-12-13 19:11:51 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\WebcamMax
[2011-02-26 03:59:31 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Wi-Fi Sync
[2010-08-18 14:26:28 | 000,000,000 | ---D | M] -- C:\Users\Chang Min De\AppData\Roaming\Xunlei
[2011-02-22 22:38:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010-12-22 01:10:18 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========

< End of report >

OTL Extras logfile created on: 28-Feb-11 11:05:12 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Chang Min De\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.62 Gb Total Space | 227.33 Gb Free Space | 48.82% Space Free | Partition Type: NTFS

Computer Name: CHANGMINDE | User Name: Chang Min De | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视 -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器 -- (PPStream Inc)
"C:\Program Files\PS Software\PsLink.exe" = C:\Program Files\PS Software\PsLink.exe:*:Enabled:PsLink -- ()
"C:\Windows\PsMon.exe" = C:\Windows\PsMon.exe:*:Enabled:PsMonitor -- ()
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{058F6CF1-8E0E-229E-F89C-F0F69F86F87E}" = ATI Catalyst Install Manager
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 23
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE58FA1-0A43-94B7-9527-30FB30691AB3}" = Skins
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{449801F1-65B0-46F5-B4C5-1EF464EF7214}" = Mobile Mouse Server
"{499A37A3-9A0D-4929-AA3E-588FA230D66F}" = Garmin City Navigator Europe NT 2011.32 Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6056E2B9-D87C-3F7C-09AB-10237E8A17DF}" = ccc-utility
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B6415D9-DB3D-41AA-94A5-15393B09AB96}" = Skype Toolbars
"{6B76F16C-850D-4E53-B395-8C0690BA9018}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google 地球
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{840B82F2-172C-4E14-8996-77D766A965D8}" = Intel® PROSet/Wireless WiFi Software Driver
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{86E281A2-789D-E9CD-2876-EEE146AC5E08}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F5F3634-4F0F-477D-AA79-25AEB425B517}" = PS Software
"{90140000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3365448-B694-468D-BBF0-D7A4CCDF955F}" = BlackBerry Media Sync
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA5B1F20-3E6C-49C5-B7D2-B1F623C61EF4}" = Sound Blaster X-Fi Go!
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Fran鏰is, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - EFG
"{C07B86C3-1816-4C59-927E-0287925DFB96}" = Garmin City Navigator Europe NT 2010 Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C5A56170-0EEC-A6A2-7E06-14CEE439279A}" = ccc-core-static
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1626BCB-9C3B-0E8F-853F-573180C42607}" = CCC Help English
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.2
"{E65E367B-B25C-4FF8-B270-D5277E7CF1B0}" = Intel Performance Power Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED387D9B-9B10-D971-6A8B-74F8094D4EA2}" = Catalyst Control Center Localization All
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Akamai" = Akamai NetSession Interface
"ALchemy" = Creative ALchemy
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"blackberrymastercontrolprogram" = BlackBerry Master Control Program 1.0 Beta 2
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"EPSON PX710W Series" = EPSON PX710W Series Printer Uninstall
"Garena" = Garena 2010
"Geniesoft Overture_is1" = Geniesoft Overture v4.0.2.22
"HandBrake" = HandBrake 0.9.5
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Internet Download Manager" = Internet Download Manager
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malfreemaps Garmin Map_is1" = MFM-Garmin 101213
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 13" = Maple 13
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NextVIEW Advisor Xcess_is1" = NextVIEW Advisor Xcess 7.1 Build 15
"Office14.EXCEL" = Microsoft Excel 2010
"Office14.OUTLOOK" = Microsoft Outlook 2010
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"Office14.WORD" = Microsoft Word 2010
"PPStream" = PPS影音 V2.7.0.1208 正式版
"ProInst" = Intel PROSet Wireless
"Rapport_msi" = Rapport
"sp6" = Logitech SetPoint 6.20
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"SynTPDeinstKey" = Dell Touchpad
"thunder_is1" = 迅雷5
"VLC media player" = VLC media player 1.1.6
"VLC Setup Helper_is1" = VLC Setup Helper 3.01
"Wi-Fi Sync" = Wi-Fi Sync
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ChartNexus" = ChartNexus
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24-Nov-10 7:46:53 AM | Computer Name = ChangMinDe | Source = Bonjour Service | ID = 100
Description = 532: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 25-Nov-10 8:31:43 PM | Computer Name = ChangMinDe | Source = Bonjour Service | ID = 100
Description = 280: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 26-Nov-10 7:52:51 PM | Computer Name = ChangMinDe | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.7930.16406,
time stamp: 0x4c7e0414 Faulting module name: EmbedDetectNow.dll, version: 1.0.1.45,
time stamp: 0x4c593c53 Exception code: 0xc0000005 Fault offset: 0x00018841 Faulting
process id: 0x28ec Faulting application start time: 0x01cb8dc501f01332 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\Thunder Network\Thunder\Program\EmbedDetectNow.dll Report Id: 4736973a-f9b8-11df-bcff-002219fd0470

Error - 29-Nov-10 6:31:36 AM | Computer Name = ChangMinDe | Source = Bonjour Service | ID = 100
Description = 548: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 29-Nov-10 6:31:36 AM | Computer Name = ChangMinDe | Source = Bonjour Service | ID = 100
Description = 552: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 29-Nov-10 6:31:36 AM | Computer Name = ChangMinDe | Source = Bonjour Service | ID = 100
Description = 560: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 29-Nov-10 6:31:36 AM | Computer Name = ChangMinDe | Source = Bonjour Service | ID = 100
Description = 532: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 29-Nov-10 6:31:36 AM | Computer Name = ChangMinDe | Source = Bonjour Service | ID = 100
Description = 588: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 29-Nov-10 6:31:36 AM | Computer Name = ChangMinDe | Source = Bonjour Service | ID = 100
Description = 572: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 29-Nov-10 6:31:36 AM | Computer Name = ChangMinDe | Source = Bonjour Service | ID = 100
Description = 556: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ Media Center Events ]
Error - 15-Apr-10 9:16:32 PM | Computer Name = ChangMinDe-PC | Source = MCUpdate | ID = 0
Description = 09:16:31 - Error connecting to the internet. 09:16:31 - Unable
to contact server..

[ System Events ]
Error - 27-Feb-11 12:35:38 AM | Computer Name = ChangMinDe | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 27-Feb-11 12:36:49 AM | Computer Name = ChangMinDe | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 27-Feb-11 12:49:14 AM | Computer Name = ChangMinDe | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 27-Feb-11 12:55:26 AM | Computer Name = ChangMinDe | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 27-Feb-11 1:25:53 AM | Computer Name = ChangMinDe | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 27-Feb-11 1:43:55 AM | Computer Name = ChangMinDe | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 27-Feb-11 1:50:10 AM | Computer Name = ChangMinDe | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 27-Feb-11 2:15:40 AM | Computer Name = ChangMinDe | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 28-Feb-11 6:59:56 PM | Computer Name = ChangMinDe | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:58:21 on ?28/?02/?2011 was unexpected.

Error - 28-Feb-11 7:01:06 PM | Computer Name = ChangMinDe | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.


< End of report >

#6 m0le

Posted 28 February 2011 - 06:43 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Can you now run SystemLook to search for the scrobj.dll file?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *scrobj*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Now please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#7 minde

Posted 28 February 2011 - 06:49 PM

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.22.2 log created on 02282011_234921

#8 minde

Posted 28 February 2011 - 06:52 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 23:49 on 28/02/2011 by Chang Min De
Administrator - Elevation successful

========== filefind ==========

Searching for "*scrobj*"
C:\$WINDOWS.~BT\Windows\System32\scrobj.dll --a---- 173568 bytes [02:52 14/07/2009] [02:52 14/07/2009] 2D542FEEEE1644365BCE3327E91A5798
C:\$WINDOWS.~BT\Windows\System32\en-US\scrobj.dll.mui --a---- 8704 bytes [02:52 14/07/2009] [02:52 14/07/2009] D51F8AADF0275159C6FBB3EA37BA6C94
C:\$WINDOWS.~BT\Windows\winsxs\x86_microsoft-windows-scripting.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8b02f732b8c73c0d\scrobj.dll.mui --a---- 8704 bytes [02:52 14/07/2009] [02:52 14/07/2009] D51F8AADF0275159C6FBB3EA37BA6C94
C:\$WINDOWS.~BT\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_483ea93961ad86ec\scrobj.dll --a---- 173568 bytes [02:52 14/07/2009] [02:52 14/07/2009] 2D542FEEEE1644365BCE3327E91A5798
C:\Windows\System32\scrobj.dll --a---- 173568 bytes [23:42 13/07/2009] [01:16 14/07/2009] DE3FFE7BCD0562FCDCFCF4073AFC82A1
C:\Windows\System32\en-US\scrobj.dll.mui --a---- 8704 bytes [04:55 14/07/2009] [02:07 14/07/2009] D51F8AADF0275159C6FBB3EA37BA6C94
C:\Windows\System32\zh-CN\scrobj.dll.mui --a---- 5120 bytes [01:12 21/11/2009] [19:51 13/07/2009] 26063381AD3B53B6C3B515A080E04B43
C:\Windows\System32\zh-TW\scrobj.dll.mui --a---- 5120 bytes [01:19 21/11/2009] [19:57 13/07/2009] A0512F8DF405B2CCDBDE24B056AC0F1A
C:\Windows\winsxs\x86_microsoft-windows-scripting.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8b02f732b8c73c0d\scrobj.dll.mui --a---- 8704 bytes [04:55 14/07/2009] [02:07 14/07/2009] D51F8AADF0275159C6FBB3EA37BA6C94
C:\Windows\winsxs\x86_microsoft-windows-scripting.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_ea8961a09fe9161f\scrobj.dll.mui --a---- 5120 bytes [01:12 21/11/2009] [19:51 13/07/2009] 26063381AD3B53B6C3B515A080E04B43
C:\Windows\winsxs\x86_microsoft-windows-scripting.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_ee859ef69d59f28f\scrobj.dll.mui --a---- 5120 bytes [01:19 21/11/2009] [19:57 13/07/2009] A0512F8DF405B2CCDBDE24B056AC0F1A
C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_483ea93961ad86ec\scrobj.dll --a---- 173568 bytes [23:42 13/07/2009] [01:16 14/07/2009] DE3FFE7BCD0562FCDCFCF4073AFC82A1

-= EOF =-

#9 minde

Posted 28 February 2011 - 08:31 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5908

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

01-Mar-11 1:18:25 AM
mbam-log-2011-03-01 (01-18-25).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 392760
Time elapsed: 1 hour(s), 25 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 m0le

Posted 28 February 2011 - 09:22 PM

I think this is a system issue. I know you ran sfc scannow with boopme on the other thread and he suggests you have a malware issue which has damaged the registry but I haven't found any evidence of that on any of the logs. The symptoms you have listed all seem to be rooted in the system itself.

It sounds like an upgrade reinstall might be the way to go (this is a repair install which keeps your folders/files intact.)

I suggest that we make sure there's no trace of any malware before I reluctantly send you over to the Windows 7 forum.

Run ESET's online scanner

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#11 minde

Posted 01 March 2011 - 04:08 AM

C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
C:\Users\Chang Min De\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\78d6980a-32b8c46f Java/TrojanDownloader.Agent.NBM trojan deleted - quarantined
C:\Users\Chang Min De\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-651792b8 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\Chang Min De\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-2c05fdf6 Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined
C:\Users\Chang Min De\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-565a27cf Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\Chang Min De\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-570a9206 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\Chang Min De\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-53dcc9ef Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined
C:\Users\Chang Min De\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-170f39ea Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\Chang Min De\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-49721714 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\Chang Min De\DoctorWeb\Quarantine\5473416c-1889e690 a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Chang Min De\Downloads\Programs\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined

#12 m0le

Posted 01 March 2011 - 05:37 AM

Some historic evidence of a trojan, so please run ComboFix so we can be sure.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#13 minde

Posted 01 March 2011 - 01:09 PM

ComboFix 11-02-28.07 - Chang Min De 01-Mar-11 21:26:21.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3037.1605 [GMT 0:00]
Running from: c:\users\Chang Min De\Desktop\comfix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\mmc.exe . . . is infected!!

c:\windows\system32\d3d8.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 21:46 . 2011-03-01 21:46 -------- d-----w- c:\users\MinDe\AppData\Local\temp
2011-03-01 21:46 . 2011-03-01 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-01 18:06 . 2011-03-01 21:46 -------- d-----w- c:\users\Chang Min De\AppData\Local\temp
2011-03-01 10:21 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30DB688D-0A16-4AC9-B7A3-5B1B60A6E8B5}\mpengine.dll
2011-03-01 03:09 . 2011-03-01 03:09 -------- d-----w- c:\program files\ESET
2011-02-28 23:49 . 2011-02-28 23:49 -------- d-----w- C:\_OTL
2011-02-25 15:18 . 2011-02-25 17:51 -------- d-----w- C:\$UPGRADE.~OS
2011-02-23 13:39 . 2011-02-26 03:55 -------- d-----w- c:\windows\system32\EventProviders
2011-02-23 13:39 . 2011-02-23 13:47 -------- d-----w- C:\5e3d6fe7e69a64685c0ce0d35eadec
2011-02-23 13:38 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 12:45 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 12:45 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 01:56 . 2011-02-23 01:56 -------- d-----w- c:\program files\Phyxion.net
2011-02-23 00:26 . 2011-02-23 00:26 -------- d-----w- c:\users\Chang Min De\AppData\Roaming\SUPERAntiSpyware.com
2011-02-23 00:26 . 2011-02-23 00:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-23 00:26 . 2011-02-26 03:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-22 21:05 . 2000-05-11 01:00 90112 ----a-w- c:\windows\Updreg.EXE
2011-02-22 21:05 . 2003-06-12 23:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-02-22 21:04 . 2009-06-04 17:49 806272 ----a-w- c:\windows\system32\drivers\ksaud.sys
2011-02-22 21:04 . 2009-05-29 11:33 164864 ----a-w- c:\windows\system32\KSVSPI32.dll
2011-02-22 21:04 . 2009-05-25 11:08 47104 ----a-w- c:\windows\system32\KSPPLD32.dll
2011-02-22 21:04 . 2009-05-25 11:08 507392 ----a-w- c:\windows\system32\KSAPO32.dll
2011-02-22 21:04 . 2009-05-25 10:51 98816 ----a-w- c:\windows\system32\SBAVMon.dll
2011-02-22 21:04 . 2009-05-21 17:38 186880 ----a-w- c:\windows\system32\KsDvInst.dll
2011-02-22 21:04 . 2009-04-20 17:52 600402 ----a-w- c:\windows\KSAIM32.exe
2011-02-22 21:04 . 2009-04-16 18:10 327680 ----a-w- c:\windows\system32\JDetect.exe
2011-02-22 21:04 . 2008-11-06 11:47 8096 ----a-w- c:\windows\system32\MixerDefault.reg
2011-02-22 21:04 . 2007-12-11 18:47 23292 ----a-w- c:\windows\ksaudENG.reg
2011-02-22 21:04 . 2007-07-05 10:27 2630 ----a-w- c:\windows\MixerName.reg
2011-02-22 10:20 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-22 10:19 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-18 03:34 . 2011-02-26 04:01 -------- d-----w- c:\users\Chang Min De\DoctorWeb
2011-02-17 15:45 . 2011-02-17 15:45 -------- d-----w- c:\users\Chang Min De\AppData\Roaming\Malwarebytes
2011-02-17 15:45 . 2011-02-17 15:45 -------- d-----w- c:\programdata\Malwarebytes
2011-02-17 15:45 . 2011-02-26 03:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-17 15:00 . 2011-03-01 17:34 -------- d-----w- C:\ComboFix
2011-02-16 10:34 . 2011-02-26 03:51 -------- d-----w- c:\program files\Feedback Tool
2011-02-12 14:55 . 2011-02-26 03:51 -------- d-----w- c:\program files\Common Files\Skype
2011-02-10 03:05 . 2011-02-10 03:05 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-02-10 03:05 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-10 03:05 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-09 15:10 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 15:10 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 15:10 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 15:10 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 15:10 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 15:10 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 15:10 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 15:09 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-09 15:09 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-02-09 15:09 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-09 15:09 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-09 15:09 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-09 15:09 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-09 15:09 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-09 15:09 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-09 15:09 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-09 15:09 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-06 19:24 . 2011-02-06 19:24 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-02-06 19:24 . 2011-02-06 19:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-06 19:24 . 2011-02-06 19:24 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-01 14:37 . 2011-01-25 10:40 85768 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-01-31 21:58 . 2011-02-26 03:51 -------- d-----w- c:\program files\iPod
2011-01-31 21:52 . 2011-02-26 03:52 -------- d-----w- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 21:04 . 2011-01-19 01:43 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-22 21:04 . 2011-01-19 01:43 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-02 17:11 . 2009-11-21 00:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-23 20:18 . 2007-03-21 21:33 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-21 15:43 . 2011-01-21 15:43 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-20 22:51 . 2011-01-20 22:51 102400 ----a-w- c:\windows\RegBootClean.exe
2011-01-05 19:02 . 2011-01-05 19:02 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-12-25 06:58 . 2010-12-25 07:12 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-24 20:13 . 2010-12-24 20:13 0 ----a-w- c:\windows\system32\drivers\OLD9EC.tmp
2010-12-24 08:47 . 2010-12-24 08:47 69632 ----a-r- c:\users\Chang Min De\AppData\Roaming\Microsoft\Installer\{6B76F16C-850D-4E53-B395-8C0690BA9018}\BlackBerry.exe
2010-12-23 19:09 . 2010-12-23 19:00 84720 ----a-w- c:\windows\system32\drivers\SET9BC.tmp
2010-12-18 04:56 . 2010-12-18 04:56 53248 ----a-r- c:\users\Chang Min De\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-18 04:55 . 2010-12-18 04:55 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-12-08 13:12 . 2011-01-18 01:25 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 13:11 . 2011-01-18 01:25 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 13:11 . 2011-01-18 01:25 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 13:11 . 2011-01-18 01:25 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-12-03 09:05 . 2011-01-21 15:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2006-06-15 20:33 . 2009-11-25 23:38 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43 . 2009-11-25 23:38 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41 . 2009-11-25 23:38 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10 . 2009-11-25 23:38 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 12:19 . 2009-11-25 23:38 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 18:35 . 2009-11-25 23:38 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10 . 2009-11-25 23:38 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42 . 2009-11-25 23:38 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22 . 2009-11-25 23:38 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21 . 2009-11-25 23:38 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D90D33C-DE76-42D0-9040-E4466DDC24AC}]
2010-08-04 10:10 227024 ----a-w- c:\program files\Thunder Network\Thunder\Program\EmbedDetectNow.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-01-25 10:40 67680 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-02-01 3265944]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-02-04 15052168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-27 352976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-21 495708]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-05-25 98816]
"Wi-Fi Sync"="c:\program files\Wi-Fi Sync\wifisync.exe" [2010-05-27 373248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PS-Link.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PS-Link.lnk
backup=c:\windows\pss\PS-Link.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Chang Min De^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Chang Min De\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Chang Min De^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Chang Min De\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Chang Min De^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk]
path=c:\users\Chang Min De\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
backup=c:\windows\pss\PPS.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 22:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 02:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 19:44 500208 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 14:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:!Users!Chang Min De!AppData!Local!Google!Chrome!User Data_service_run]
2011-02-24 23:35 1004088 ----a-w- c:\users\Chang Min De\AppData\Local\Google\Chrome\Application\chrome.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-23 10:18 135664 ----atw- c:\users\Chang Min De\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-09-17 15:40 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
2010-02-24 03:25 214408 ----a-w- c:\program files\PPStream\PPSAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 05:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 135664]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-09-30 8192]
R3 BusRMUSB;Remote USB Bus;c:\windows\system32\DRIVERS\BusRMUSB.sys [2007-08-23 44544]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-19 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-22 79360]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-24 232832]
R3 GarenaPEngine;GarenaPEngine;c:\users\CHANGM~1\AppData\Local\Temp\VRD2A86.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;g:\garena\safedrv.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-06-04 806272]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-15 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-01-05 53816]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-22 691696]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 RapportCerberus_22705;RapportCerberus_22705;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_22705.sys [2011-01-05 47928]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-01-05 63160]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-01-05 156344]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\aestsrv.exe [2009-03-03 81920]
S2 AirPrint;AirPrint;c:\program files\AirPrint\Airprint.exe [2011-01-07 234784]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 176128]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-01-25 85768]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-01-05 821048]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 29472]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 56320]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-07-30 343592]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-08-24 10448]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-09 280096]
S3 RapportIaso;RapportIaso;c:\programdata\Trusteer\Rapport\store\exts\RapportMS\21923\RapportIaso.sys [2011-01-15 12928]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 22:31]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 22:31]

2011-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3647009739-2770278754-2313620513-1000Core.job
- c:\users\Chang Min De\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 10:18]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3647009739-2770278754-2313620513-1000UA.job
- c:\users\Chang Min De\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: ????3??
IE: ????3??????
IE: ??????
IE: ????????
IE: ??????????
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: ????3?? - c:\users\Chang Min De\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Chang Min De\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: ?????? - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: ?????????? - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: ???????? - c:\program files\Thunder Network\Thunder\Program\repairimage.htm
IE: {{548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files\Thunder Network\Thunder\Program\repairimage.htm
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\Chang Min De\AppData\Roaming\Mozilla\Firefox\Profiles\009isbxn.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.ftp - 91.103.185.182
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 91.103.185.182
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 91.103.185.182
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 91.103.185.182
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 91.103.185.182
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 7\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Fasterfox: {c36177c0-224a-11da-8cd6-0800200c9a91} - %profile%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Chang Min De\AppData\Roaming\IDM\idmmzcc3
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\CHANGM~1\AppData\Local\Temp\VRD2A86.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3647009739-2770278754-2313620513-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Chang Min De\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-3647009739-2770278754-2313620513-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}hQèþ”¥c]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Chang Min De\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-3647009739-2770278754-2313620513-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):44,48,0c,7b,3c,5d,de,54,9a,a4,9d,49,96,d9,4a,46,3e,6a,87,07,32,
bc,dd,4f,ae,a4,86,dc,ae,da,1f,d7,fb,6a,06,a4,54,8e,6b,69,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3647009739-2770278754-2313620513-1000_Classes\CLSID\{a0d3dcac-f108-4297-a229-4e06c0fbbc57}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000050
"Therad"=dword:0000001b
"MData"=hex(0):b5,d1,19,dd,01,2a,6a,af,95,50,43,f9,14,96,9f,c7,7a,61,9c,11,7c,
df,88,b0,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-01 21:48:32
ComboFix-quarantined-files.txt 2011-03-01 21:48
ComboFix2.txt 2011-03-01 18:06

Pre-Run: 246,791,675,904 bytes free
Post-Run: 246,720,184,320 bytes free

- - End Of File - - 75E67DF312CE849FE09B171360FDF8CB

Edited by minde, 01 March 2011 - 05:24 PM.


#14 m0le



  • Malware Response Team

Posted 03 March 2011 - 05:12 PM

Let's check the "infected" files

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Go to Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\System32\mmc.exe
c:\windows\system32\d3d8.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal
m0le is a proud member of UNITE

#15 minde

  • Topic Starter


Posted 03 March 2011 - 06:11 PM

All virus scans show no virus.



