Chrome and firefox redirects back to google or website unavailable page


  • This topic is locked
16 replies to this topic

#1 heretic_guy

  • Members
  • 8 posts

Posted 20 June 2011 - 09:50 AM

Dear awesome powers, I am facing a number of problems with my laptop at the moment. I will begin by describing the symptoms, followed by the solutions previously tried. I appreciate any assistance provided.

I mainly use Chrome or Firefox on my Vista system. Over the last few weeks I've had to reboot my computer after every use, as it slows down significantly after a few hours of usage. While surfing the internet, the search bar redirects me back to Google or displays a "website unavailable" page for a couple of instances before working fine again. Lastly, box ads pop up on the bottom right of the screen every few hours.

For solutions garnered from the internet, I've tried the latest versions of tdsskiller.exe, Malwarebytes, AVG and Kaspersky. All of the above have been attempted to no avail.

Defogger has been used to disable emulation before I proceeded. I have attached the ark and attach text files, and the DDS file is as per below:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.6000.17037
Run by Liu at 23:47:56 on 2011-06-20
Microsoft Windows Vista Home Basic 6.0.6000.0.1252.61.1033.18.2045.498 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SecureW2\sw2_service.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\pipi\jfCacheMgr.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ico.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Liu\Desktop\Virus Removal Tool\setup_9.0.0.722_20.06.2011_12-56\setup_9.0.0.722_20.06.2011_12-56.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
BHO: PIPI Link Helper: {1a3440c6-f123-4cab-84ee-c814e1ae0d8f} - c:\program files\pipi\JfCheck.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: GdfrDUEn Class: {a3cf7606-e683-4375-a372-96b75da0aef7} - c:\program files\get styles\enlbrdr.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\liu\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PMX Daemon] ICO.EXE
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [<NO NAME>]
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SecureW2 Tray] c:\program files\securew2\sw2_tray.exe
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\liu\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\liu\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\liu\desktop\virus removal tool\setup_9.0.0.722_20.06.2011_12-56\startup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: ????3??
IE: ????3??????
IE: ʹÿ쳵3 - c:\users\liu\appdata\roaming\flashgetbho\GetUrl.htm
IE: ʹÿ쳵3ȫ - c:\users\liu\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: ????3?? - c:\users\liu\appdata\roaming\flashgetbho\GetUrl.htm
IE: ????3?????? - c:\program files\flashget network\flashget 3\GetAllFlvUrl.htm
IE: ????3?????? - c:\users\liu\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\get styles\ct.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg6.cyworld.com/ImageUpload/CyImageUpload_10217.cab
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-sg.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 150.203.1.10 150.203.22.28
TCP: Interfaces\{2008BFA5-AD20-42F1-8559-0291E0E43884} : DhcpNameServer = 150.203.1.10 150.203.22.28
Filter: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\liu\appdata\roaming\mozilla\firefox\profiles\eexh7sdz.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe..
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\users\liu\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: CyberShadow's Bejeweled Blitz 3 Cheat: bejeweledblitz3cheat@thecybershadow.net - %profile%\extensions\bejeweledblitz3cheat@thecybershadow.net
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 29359582;29359582 Boot Guard Driver;c:\windows\system32\drivers\29359582.sys [2011-6-20 37392]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 29359581;29359581;c:\windows\system32\drivers\29359581.sys [2011-6-20 128016]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 setup_9.0.0.722_20.06.2011_12-56drv;setup_9.0.0.722_20.06.2011_12-56drv;c:\windows\system32\drivers\2935958.sys [2011-6-20 311312]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-11 179712]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\drivers\BthAudioHF.sys [2008-1-11 29184]
S3 bthav;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2008-1-11 36352]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2008-1-11 13824]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-1-11 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-1-11 19008]
.
=============== Created Last 30 ================
.
2011-06-20 13:00:32 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-20 12:59:03 37392 ----a-w- c:\windows\system32\drivers\29359582.sys
2011-06-20 12:59:03 311312 ----a-w- c:\windows\system32\drivers\2935958.sys
2011-06-20 12:59:03 128016 ----a-w- c:\windows\system32\drivers\29359581.sys
2011-06-17 22:20:06 -------- d-----w- c:\users\liu\appdata\roaming\Red Kawa
2011-06-17 22:15:38 -------- d-----w- c:\users\liu\appdata\local\Geckofx
2011-06-17 22:15:01 -------- d-----w- c:\program files\AviSynth 2.5
2011-06-17 22:14:51 -------- d-----w- c:\program files\Red Kawa
2011-06-16 23:16:27 -------- d-----w- c:\programdata\Skype Extras
2011-06-08 03:25:00 -------- d--h--w- C:\$AVG
2011-06-08 03:24:10 -------- d-----w- c:\users\liu\appdata\roaming\AVG10
2011-06-08 03:23:34 -------- d--h--w- c:\programdata\Common Files
2011-06-08 03:21:17 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-08 03:21:17 -------- d-----w- c:\programdata\AVG10
2011-06-08 03:19:01 -------- d-----w- c:\program files\AVG
2011-06-08 03:16:13 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 03:16:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 03:16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-08 03:11:05 -------- d-----w- c:\programdata\MFAData
2011-06-07 11:01:58 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a0d7255a-3511-4fc8-bb1d-6512e6f32fbd}\mpengine.dll
.
==================== Find3M ====================
.
2011-05-03 18:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 23:49:35.24 ===============

Regards.
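As an added example (not part of the original post and not code from the DDS tool), the following Python script parses the DDS "Pseudo HJT Report" and FIREFOX line formats shown in the log above and flags the entries a helper would review first when the reported symptom is browser redirects: hosts-file overrides, a Firefox start page that differs from the IE start page, add-on entries whose DLL is missing, a BHO loading from the user profile directory, and the DHCP-assigned resolvers. The sample lines are copied from the posted log purely as parser input, the rule names and the user-profile heuristic are constructed for this example, and a flagged entry means "review it", not that it is malicious.

```python
from dataclasses import dataclass

# Constructed sample in the shape of the DDS "Pseudo HJT Report" and FIREFOX
# sections (hxxp is DDS's defanged http). The lines mirror the posted log and
# serve only as parser input; nothing below judges the named hosts.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com
BHO: PIPI Link Helper: {1a3440c6-f123-4cab-84ee-c814e1ae0d8f} - c:\program files\pipi\JfCheck.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\liu\appdata\roaming\flashgetbho\FlashGetBHO3.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TCP: DhcpNameServer = 150.203.1.10 150.203.22.28
Hosts: 74.208.10.249 gs.apple.com
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe..
FF - prefs.js: keyword.enabled - false
"""


@dataclass
class Finding:
    rule: str     # short rule name (constructed for this example)
    detail: str   # human-readable note for the person reviewing the log


HJT_KINDS = ("BHO", "TB", "DPF", "TCP", "Hosts")


def parse_dds(text):
    """Turn DDS report lines into (kind, name, value) triples.

    kind is 'ffpref' for 'FF - prefs.js:' lines, one of HJT_KINDS for the
    colon-prefixed entries, and 'setting' for 'name = value' lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads its sections with lone dots
            continue
        if line.startswith("FF - prefs.js:"):
            name, _, value = line[len("FF - prefs.js:"):].strip().partition(" - ")
            records.append(("ffpref", name.strip(), value.strip()))
            continue
        kind, sep, body = line.partition(":")
        if sep and kind in HJT_KINDS:
            records.append((kind, body.strip(), ""))
        elif " = " in line:
            name, value = line.split(" = ", 1)
            records.append(("setting", name.strip(), value.strip()))
    return records


def triage(records):
    """Apply defender-side review heuristics to the parsed records."""
    findings = []
    ie_start = next((v for k, n, v in records if k == "setting" and n == "uStart Page"), None)
    for kind, name, value in records:
        if kind in ("BHO", "TB") and name.endswith("- No File"):
            # The registry still references an add-on whose DLL is gone:
            # a leftover, but worth cleaning so the picture stays readable.
            findings.append(Finding("orphaned-entry", f"{kind} {name}"))
        elif kind == "BHO" and "\\appdata\\" in name.lower():
            # Heuristic: browser add-ons normally live under Program Files;
            # one loading from the user profile deserves a closer look.
            findings.append(Finding("bho-in-user-profile", name))
        elif kind == "Hosts":
            ip, _, host = name.partition(" ")
            # Any hosts override redirects that hostname for every browser on the box.
            findings.append(Finding("hosts-override", f"{host} resolves to {ip} locally"))
        elif kind == "TCP" and "DhcpNameServer =" in name:
            resolvers = name.split("=", 1)[1].split()
            findings.append(Finding("dns-resolvers",
                                    "confirm these are the expected resolvers: " + ", ".join(resolvers)))
        elif kind == "ffpref" and name == "browser.startup.homepage":
            if ie_start and value.lower() != ie_start.lower():
                findings.append(Finding("homepage-mismatch",
                                        f"Firefox starts at {value}, IE at {ie_start}"))
        elif kind == "ffpref" and name == "keyword.enabled" and value == "false":
            findings.append(Finding("keyword-search-disabled",
                                    "address-bar keyword search is switched off"))
    return findings


def rule_counts(findings):
    """How many hits each rule produced, keyed by rule name."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    for f in triage(parse_dds(SAMPLE_LOG)):
        print(f"[{f.rule}] {f.detail}")
```

Run it against a full DDS log by reading the file into `parse_dds` instead of `SAMPLE_LOG`; the parser ignores the process list and the dated file lists because none of those lines match the handled shapes, so the output stays focused on the browser-configuration entries that explain redirect symptoms.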

#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 28 June 2011 - 06:47 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 heretic_guy
  • Topic Starter
  • Members
  • 8 posts

Posted 28 June 2011 - 08:51 PM

Awesome, I am awaiting further instructions. Fire away!

#4 m0le

  • Malware Response Team
  • 34,527 posts

Posted 29 June 2011 - 05:13 PM

This isn't a usual malware redirect. Normally they send you to worse sites than Google.

However, I may be able to fix the problem, so please run OTL, a scanner which we can use to alter settings.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


#5 heretic_guy
  • Topic Starter
  • Members
  • 8 posts

Posted 30 June 2011 - 09:57 AM

OTL logfile created on: 7/1/2011 12:50:25 AM - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\Liu\Documents\Downloads
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.23% Memory free
4.22 Gb Paging File | 2.55 Gb Available in Paging File | 60.47% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.58 Gb Total Space | 21.44 Gb Free Space | 31.26% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.17 Gb Free Space | 58.37% Space Free | Partition Type: NTFS
Drive F: | 41.13 Gb Total Space | 5.75 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 465.76 Gb Total Space | 75.66 Gb Free Space | 16.24% Space Free | Partition Type: NTFS
Drive J: | 297.44 Gb Total Space | 7.77 Gb Free Space | 2.61% Space Free | Partition Type: NTFS

Computer Name: LIU-PC | User Name: Liu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Liu\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\pipi\jfCacheMgr.exe (皮皮科技)
PRC - C:\Program Files\SecureW2\sw2_service.exe (SecureW2 B.V.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


========== Modules (SafeList) ==========

MOD - C:\Users\Liu\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (B-Service) -- C:\Users\Liu\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PIPIStartSvr) -- C:\Program Files\pipi\PIPIStartSvr.exe (PIPI)
SRV - (SW2SVC) -- C:\Program Files\SecureW2\sw2_service.exe (SecureW2 B.V.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (WaveEnrollmentService) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (HFGService) -- C:\Windows\System32\HFGService.dll (CSR, plc)
SRV - (nicconfigsvc) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (BthFilterHelper) -- C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe (CSR, plc)


========== Driver Services (SafeList) ==========

DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (LVUVC) QuickCam Pro for Notebooks(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (guardian2) -- C:\Windows\System32\drivers\oz776.sys (O2Micro)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\mremp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\mresp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (BTHFILT) -- C:\Windows\System32\drivers\BthFilt.sys (CSR, plc)
DRV - (bthav) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc)
DRV - (BthAudioHF) -- C:\Windows\System32\drivers\BthAudioHF.sys (CSR, plc)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (CSRBC) -- C:\Windows\System32\drivers\csrbcxp.sys (CSR, plc)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\Windows\System32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/default.aspx?c=sg&l=en&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: bejeweledblitz3cheat@thecybershadow.net:2.3
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {63414328-3ab4-2c84-6c41-5a473c4b2ff7}:1.0
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.7
FF - prefs.js..extensions.enabledItems: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe.."
FF - prefs.js..keyword.enabled: false

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/09 03:02:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/19 01:16:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/20 21:49:57 | 000,000,000 | ---D | M]

[2009/05/22 10:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liu\AppData\Roaming\Mozilla\Extensions
[2009/05/22 10:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liu\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/06/29 12:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\extensions
[2011/03/16 18:37:33 | 000,000,000 | ---D | M] ("Get Styles") -- C:\Users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2011/06/15 18:48:15 | 000,000,000 | ---D | M] ("Usage Stat") -- C:\Users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010/05/27 10:51:44 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2010/06/28 21:48:03 | 000,000,000 | ---D | M] (QAssistant) -- C:\Users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
[2011/03/16 18:13:41 | 000,000,000 | ---D | M] (KFD Flv) -- C:\Users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
[2011/06/12 20:30:06 | 000,000,000 | ---D | M] (VFD Flv) -- C:\Users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
[2010/02/12 04:33:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/24 20:54:27 | 000,000,000 | ---D | M] (CyberShadow's Bejeweled Blitz 3 Cheat) -- C:\Users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\extensions\bejeweledblitz3cheat@thecybershadow.net
[2009/06/23 17:52:52 | 000,002,749 | ---- | M] () -- C:\Users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\searchplugins\cuil.xml
[2011/06/20 22:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/02 13:05:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/05/10 02:05:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/05/12 16:53:46 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Program Files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2009/05/22 10:28:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2009/09/09 03:02:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/04/02 13:05:19 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2010/04/02 13:05:20 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/03/22 06:28:46 | 001,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/03/22 06:29:06 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2010/04/02 13:05:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/03/25 15:35:21 | 000,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2011/03/19 01:16:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/03/19 01:16:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/03/19 01:16:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/03/19 01:16:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/03/19 01:16:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/03/19 01:16:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/03/19 01:16:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/03/25 15:35:27 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/03/25 15:35:18 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2007/03/10 09:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/07/30 17:24:20 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 17:24:20 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/25 09:32:38 | 000,001,340 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2009/07/30 17:24:20 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 17:24:20 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 17:24:20 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 17:24:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 17:24:20 | 000,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/02/19 10:06:54 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Program Files\pipi\JfCheck.dll (PIPI Tech.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (GdfrDUEn Class) - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll (TODO: <Company name>)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Liu\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: ʹÿ쳵3 - C:\Users\Liu\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: ʹÿ쳵3ȫ - C:\Users\Liu\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Liu\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Liu\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm ()
O9 - Extra 'Tools' menuitem : GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} http://cyimg6.cyworld.com/ImageUpload/CyImageUpload_10217.cab (CyImage2Ctl Class)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.com/books/_Players/AccountingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-sg.cab (MSN Photo Upload Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} http://cyimg7.cyworld.com/cymusic/package/skcinst.cab (SKCInst1 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 150.203.1.10 150.203.22.28
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Liu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Liu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/19 07:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0630b6d1-0363-11df-aa77-fab31019ab2a}\Shell - "" = AutoRun
O33 - MountPoints2\{0630b6d1-0363-11df-aa77-fab31019ab2a}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{2cd7f476-1e5d-11dd-b433-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{2cd7f476-1e5d-11dd-b433-001e3780df9d}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{53be592a-a207-11dd-b7f9-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{53be592a-a207-11dd-b7f9-001e3780df9d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{53be592b-a207-11dd-b7f9-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{53be592b-a207-11dd-b7f9-001e3780df9d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{53be5930-a207-11dd-b7f9-c53d7ba67ea3}\Shell - "" = AutoRun
O33 - MountPoints2\{53be5930-a207-11dd-b7f9-c53d7ba67ea3}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{53be5931-a207-11dd-b7f9-c53d7ba67ea3}\Shell - "" = AutoRun
O33 - MountPoints2\{53be5931-a207-11dd-b7f9-c53d7ba67ea3}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{53be593f-a207-11dd-b7f9-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{53be593f-a207-11dd-b7f9-001e3780df9d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{75caed15-feaf-11dc-8428-001c232b412c}\Shell - "" = AutoRun
O33 - MountPoints2\{75caed15-feaf-11dc-8428-001c232b412c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{842ac0e0-dba1-11dd-9cec-da12a589d315}\Shell\Auto\command - "" = Ghost.pif
O33 - MountPoints2\{842ac0e0-dba1-11dd-9cec-da12a589d315}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif
O33 - MountPoints2\{8a5bec5b-cb5f-11dd-96e8-a9cdc2494d3d}\Shell - "" = AutoRun
O33 - MountPoints2\{8a5bec5b-cb5f-11dd-96e8-a9cdc2494d3d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a4e0188e-1b57-11dd-8578-001e3780df9d}\Shell\AutoRun\command - "" = RavMon.exe
O33 - MountPoints2\{a4e0188e-1b57-11dd-8578-001e3780df9d}\Shell\explore\Command - "" = RavMon.exe -e
O33 - MountPoints2\{a4e0188e-1b57-11dd-8578-001e3780df9d}\Shell\open\Command - "" = RavMon.exe
O33 - MountPoints2\{ac9307c0-1c0c-11df-b16d-9fd1bb2c519e}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9307c0-1c0c-11df-b16d-9fd1bb2c519e}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- [2009/11/14 05:25:22 | 003,280,672 | ---- | M] (Western Digital)
O33 - MountPoints2\{b294b313-abb7-11dd-a1a8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b294b313-abb7-11dd-a1a8-806e6f6e6963}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b294b315-abb7-11dd-a1a8-806e6f6e6963}\Shell - "" = Autorun
O33 - MountPoints2\{b294b315-abb7-11dd-a1a8-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\resycled\boot.com e:
O33 - MountPoints2\{b294b315-abb7-11dd-a1a8-806e6f6e6963}\Shell\Open\command - "" = I:\resycled\boot.com e:
O33 - MountPoints2\{b2da71d1-df94-11dc-9824-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{b2da71d1-df94-11dc-9824-001e3780df9d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b2da7329-df94-11dc-9824-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{b2da7329-df94-11dc-9824-001e3780df9d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b2da7341-df94-11dc-9824-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{b2da7341-df94-11dc-9824-001e3780df9d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b2da7350-df94-11dc-9824-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{b2da7350-df94-11dc-9824-001e3780df9d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b2da7354-df94-11dc-9824-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{b2da7354-df94-11dc-9824-001e3780df9d}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b2da73b0-df94-11dc-9824-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{b2da73b0-df94-11dc-9824-001e3780df9d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b2da73b2-df94-11dc-9824-001e3780df9d}\Shell - "" = AutoRun
O33 - MountPoints2\{b2da73b2-df94-11dc-9824-001e3780df9d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{d26bd7e0-e912-11dc-9392-001e3780df9d}\Shell\AutoRun\command - "" = 6.bat
O33 - MountPoints2\{d26bd7e0-e912-11dc-9392-001e3780df9d}\Shell\explore\Command - "" = 6.bat
O33 - MountPoints2\{d26bd7e0-e912-11dc-9392-001e3780df9d}\Shell\open\Command - "" = 6.bat
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 09:03:54 | 004,131,325 | ---- | C] (Swearware) -- C:\Users\Liu\Desktop\ComboFix.exe
[2011/06/21 00:15:08 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Liu\Desktop\tdsskiller.exe
[2011/06/20 23:56:45 | 000,000,000 | ---D | C] -- C:\Users\Liu\Desktop\gmer
[2011/06/20 23:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/06/20 22:19:41 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Liu\Desktop\esetsmartinstaller_enu.exe
[2011/06/20 21:33:50 | 000,607,310 | R--- | C] (Swearware) -- C:\Users\Liu\Desktop\dds.scr
[2011/06/20 21:10:00 | 099,220,248 | ---- | C] ( ) -- C:\Users\Liu\Desktop\setup_9.0.0.722_20.06.2011_12-56.exe
[2011/06/20 20:58:57 | 000,000,000 | ---D | C] -- C:\Users\Liu\Desktop\tdsskiller
[2011/06/18 08:20:06 | 000,000,000 | ---D | C] -- C:\Users\Liu\Documents\Red Kawa
[2011/06/18 08:20:06 | 000,000,000 | ---D | C] -- C:\Users\Liu\AppData\Roaming\Red Kawa
[2011/06/18 08:15:38 | 000,000,000 | ---D | C] -- C:\Users\Liu\AppData\Local\Geckofx
[2011/06/18 08:15:02 | 000,000,000 | ---D | C] -- C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011/06/18 08:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011/06/18 08:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/06/18 08:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Kawa
[2011/06/18 08:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2011/06/17 09:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/06/17 09:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/17 09:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/06/08 13:25:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/06/08 13:24:10 | 000,000,000 | ---D | C] -- C:\Users\Liu\AppData\Roaming\AVG10
[2011/06/08 13:23:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/08 13:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/06/08 13:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/06/08 13:21:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/06/08 13:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/08 13:16:13 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/08 13:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/08 13:16:08 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/08 13:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/08 13:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/01 00:53:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/01 00:37:09 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 00:37:09 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 00:37:05 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2C7DC052-0128-4750-B0BE-48592229301E}.job
[2011/07/01 00:17:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\multbp.cfg
[2011/06/30 20:37:42 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/30 20:37:40 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/30 20:37:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/30 08:43:16 | 120,387,160 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/30 01:53:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/29 19:24:01 | 000,031,744 | ---- | M] () -- C:\Users\Liu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/29 11:48:22 | 000,000,000 | ---- | M] () -- C:\Users\Liu\AppData\Local\WavXMapDrive.bat
[2011/06/29 11:43:44 | 000,667,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/29 11:43:44 | 000,125,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/29 11:38:29 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/29 03:30:48 | 176,937,666 | ---- | M] () -- C:\Users\Liu\Desktop\LearnedfromTV2wmv9.wmv
[2011/06/29 03:07:23 | 058,821,680 | ---- | M] () -- C:\Users\Liu\Desktop\LearnedfromTVpart3wmv.wmv
[2011/06/28 09:37:14 | 000,010,095 | ---- | M] () -- C:\Users\Liu\Desktop\LFTVsummary1.odt
[2011/06/27 13:05:18 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/27 11:20:34 | 000,028,895 | ---- | M] () -- C:\Users\Liu\Desktop\powpow.jpg
[2011/06/24 18:39:05 | 000,252,379 | ---- | M] () -- C:\Users\Liu\Desktop\Image.jpg
[2011/06/24 08:05:41 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/21 10:08:25 | 075,276,696 | ---- | M] () -- C:\Users\Liu\Desktop\LearnedfromTV_PLO_20100422_(2114)_drm.wmv
[2011/06/21 09:06:50 | 004,131,325 | ---- | M] (Swearware) -- C:\Users\Liu\Desktop\ComboFix.exe
[2011/06/21 09:05:54 | 001,402,880 | ---- | M] () -- C:\Users\Liu\Desktop\HiJackThis.msi
[2011/06/21 00:15:43 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Liu\Desktop\tdsskiller.exe
[2011/06/20 23:55:50 | 000,293,977 | ---- | M] () -- C:\Users\Liu\Desktop\gmer.zip
[2011/06/20 23:47:19 | 000,000,000 | ---- | M] () -- C:\Users\Liu\defogger_reenable
[2011/06/20 22:20:45 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Liu\Desktop\esetsmartinstaller_enu.exe
[2011/06/20 21:37:31 | 099,220,248 | ---- | M] ( ) -- C:\Users\Liu\Desktop\setup_9.0.0.722_20.06.2011_12-56.exe
[2011/06/20 21:34:31 | 000,139,264 | ---- | M] () -- C:\Users\Liu\Desktop\RKUnhookerLE.EXE
[2011/06/20 21:34:05 | 000,607,310 | R--- | M] (Swearware) -- C:\Users\Liu\Desktop\dds.scr
[2011/06/20 21:32:18 | 000,050,477 | ---- | M] () -- C:\Users\Liu\Desktop\Defogger.exe
[2011/06/20 20:58:11 | 001,309,375 | ---- | M] () -- C:\Users\Liu\Desktop\tdsskiller.zip
[2011/06/15 22:19:14 | 000,274,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/11 09:57:02 | 000,000,680 | ---- | M] () -- C:\Users\Liu\AppData\Local\d3d9caps.dat
[2011/06/08 13:16:14 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/30 08:43:16 | 120,387,160 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/29 02:47:09 | 176,937,666 | ---- | C] () -- C:\Users\Liu\Desktop\LearnedfromTV2wmv9.wmv
[2011/06/29 02:46:26 | 058,821,680 | ---- | C] () -- C:\Users\Liu\Desktop\LearnedfromTVpart3wmv.wmv
[2011/06/28 08:24:54 | 000,010,095 | ---- | C] () -- C:\Users\Liu\Desktop\LFTVsummary1.odt
[2011/06/27 11:20:33 | 000,028,895 | ---- | C] () -- C:\Users\Liu\Desktop\powpow.jpg
[2011/06/24 18:37:24 | 000,252,379 | ---- | C] () -- C:\Users\Liu\Desktop\Image.jpg
[2011/06/21 09:26:42 | 075,276,696 | ---- | C] () -- C:\Users\Liu\Desktop\LearnedfromTV_PLO_20100422_(2114)_drm.wmv
[2011/06/21 09:05:53 | 001,402,880 | ---- | C] () -- C:\Users\Liu\Desktop\HiJackThis.msi
[2011/06/20 23:55:37 | 000,293,977 | ---- | C] () -- C:\Users\Liu\Desktop\gmer.zip
[2011/06/20 23:47:19 | 000,000,000 | ---- | C] () -- C:\Users\Liu\defogger_reenable
[2011/06/20 21:34:07 | 000,139,264 | ---- | C] () -- C:\Users\Liu\Desktop\RKUnhookerLE.EXE
[2011/06/20 21:32:11 | 000,050,477 | ---- | C] () -- C:\Users\Liu\Desktop\Defogger.exe
[2011/06/20 20:57:37 | 001,309,375 | ---- | C] () -- C:\Users\Liu\Desktop\tdsskiller.zip
[2011/06/15 22:18:51 | 2145,353,728 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/08 13:23:19 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/08 13:16:14 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/03 19:45:45 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/11/10 01:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 01:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 01:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 01:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/06/28 10:59:28 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/12 16:53:44 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/05/12 16:53:29 | 000,002,063 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2010/05/12 16:53:29 | 000,000,468 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010/02/11 17:58:56 | 000,004,096 | ---- | C] () -- C:\Windows\System32\detoured.dll
[2010/02/11 15:36:41 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/02/11 15:36:41 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/11 15:34:01 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2010/02/11 15:34:01 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2010/02/11 15:34:01 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2010/02/11 15:34:01 | 000,267,296 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
[2010/02/11 15:34:00 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2010/02/11 15:34:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2010/02/11 15:33:59 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nView.dll
[2010/01/29 18:58:18 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/28 01:45:46 | 000,229,888 | ---- | C] () -- C:\Windows\PEV.exe
[2009/09/28 01:45:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/09/28 01:45:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/09/28 01:45:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/07/19 01:38:15 | 000,005,086 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2008/12/22 14:59:26 | 000,025,312 | ---- | C] () -- C:\Windows\System32\DivXVfWCodec.dll
[2008/12/22 14:59:24 | 000,025,312 | ---- | C] () -- C:\Windows\System32\SamsungVfWCodec.dll
[2008/12/22 14:59:08 | 000,447,200 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/12/22 14:52:02 | 000,066,272 | ---- | C] () -- C:\Windows\System32\libfaac.dll
[2008/10/18 20:08:59 | 000,000,204 | ---- | C] () -- C:\Windows\MYOBP.INI
[2008/10/18 20:08:59 | 000,000,041 | ---- | C] () -- C:\Windows\MYOB.INI
[2008/10/18 19:53:03 | 000,000,663 | ---- | C] () -- C:\Windows\openrda.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/20 18:13:18 | 000,000,680 | ---- | C] () -- C:\Users\Liu\AppData\Local\d3d9caps.dat
[2008/06/06 12:43:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2008/06/06 12:43:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2008/04/19 01:00:43 | 000,067,184 | ---- | C] () -- C:\Windows\System32\CMListControl.dll
[2008/04/01 07:25:46 | 000,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/03/25 15:36:06 | 000,000,059 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/03/22 06:30:08 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/22 06:28:20 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/26 21:05:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/02/05 02:53:18 | 000,031,744 | ---- | C] () -- C:\Users\Liu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/04 00:21:14 | 000,012,931 | ---- | C] () -- C:\Users\Liu\AppData\Roaming\nvModes.001
[2008/02/03 19:38:37 | 000,012,931 | ---- | C] () -- C:\Users\Liu\AppData\Roaming\nvModes.dat
[2008/02/01 21:08:11 | 000,000,000 | ---- | C] () -- C:\Users\Liu\AppData\Local\WavXMapDrive.bat
[2008/01/11 14:12:51 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2008/01/11 14:12:48 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2008/01/11 14:12:47 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2008/01/11 14:04:47 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2008/01/11 14:01:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FontZoom.exe
[2008/01/11 14:01:51 | 000,131,070 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2008/01/11 14:00:38 | 000,000,836 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/13 16:42:30 | 000,499,712 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2007/09/13 16:42:30 | 000,471,040 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2007/09/13 16:42:28 | 000,462,848 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2007/09/13 16:42:28 | 000,458,752 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2007/09/13 16:42:26 | 000,466,944 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2007/09/13 16:42:26 | 000,434,176 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2007/09/13 16:36:24 | 000,438,272 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2007/09/13 16:32:36 | 000,176,128 | ---- | C] () -- C:\Windows\System32\CacheFP.exe
[2007/09/12 17:05:08 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2007/09/12 17:04:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2007/09/12 17:04:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2007/09/12 17:04:06 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2007/09/12 17:03:44 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2007/09/12 17:03:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2007/09/12 17:03:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2007/09/12 17:02:44 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2007/09/12 17:02:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2007/09/12 17:02:02 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2007/09/10 11:53:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/06/15 12:19:20 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2006/11/11 08:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/08 05:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 22:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:44:53 | 000,274,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:33:01 | 000,667,800 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,125,538 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 17:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 17:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/08/14 13:02:10 | 000,072,192 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/05/05 17:26:00 | 000,335,872 | ---- | C] () -- C:\Windows\System32\ctreestd.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll

========== LOP Check ==========

[2011/06/27 23:41:22 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\ApexDC++
[2010/10/21 00:17:09 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\AstroMenace
[2011/06/08 13:24:10 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\AVG10
[2011/06/15 22:22:19 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\Azureus
[2011/06/15 22:22:59 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\BITS
[2009/11/01 18:44:37 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\BraCa_Soft
[2010/12/30 09:14:16 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\Canon
[2009/07/09 19:23:05 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\DAEMON Tools
[2010/12/26 22:43:45 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\DMCache
[2010/02/11 00:24:54 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\Facebook
[2011/03/06 23:44:37 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\FlashGet
[2010/05/12 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\FlashGetBHO
[2010/05/12 16:53:36 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\FlashgetSetup
[2010/10/17 01:02:27 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\FrostWire
[2011/05/30 15:09:30 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\ImgBurn
[2011/05/16 15:02:49 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\InfraRecorder
[2010/02/11 05:36:28 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/05/12 18:55:09 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\Maxthon2
[2011/05/10 02:40:38 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\Mikogo
[2011/05/10 02:10:07 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\OpenOffice.org
[2011/06/25 15:00:54 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\PIPI
[2008/10/21 02:06:24 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\Red Chair Software
[2011/06/18 08:20:06 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\Red Kawa
[2009/12/17 19:28:22 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\SharePod
[2010/11/07 06:54:49 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\Sports Interactive
[2010/02/23 23:38:03 | 000,000,000 | ---D | M] -- C:\Users\Liu\AppData\Roaming\Western Digital
[2011/06/27 13:05:22 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/01 00:37:05 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2C7DC052-0128-4750-B0BE-48592229301E}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C05A8628
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8CEFE51A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 7/1/2011 12:50:25 AM - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\Liu\Documents\Downloads
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.23% Memory free
4.22 Gb Paging File | 2.55 Gb Available in Paging File | 60.47% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.58 Gb Total Space | 21.44 Gb Free Space | 31.26% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.17 Gb Free Space | 58.37% Space Free | Partition Type: NTFS
Drive F: | 41.13 Gb Total Space | 5.75 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 465.76 Gb Total Space | 75.66 Gb Free Space | 16.24% Space Free | Partition Type: NTFS
Drive J: | 297.44 Gb Total Space | 7.77 Gb Free Space | 2.61% Space Free | Partition Type: NTFS

Computer Name: LIU-PC | User Name: Liu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC87E17-6D49-4329-AEA1-C0145C04AB1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{140C2AA6-EF3C-4C29-9B00-B3F7B3BDA387}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B9FF10B-6EEC-4FB6-A1FF-B941A35E63C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F6DC0E3-3A5A-4D73-9DFB-C90651E79AE4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{357B677A-2476-40EC-A8D7-BE103DCFD51B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{387071A6-3F6F-4B30-AED8-E446A8573914}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B7103D3-1D98-45E1-8C95-EF4D6A633E4D}" = lport=139 | protocol=6 | dir=in | app=system |
"{3FC06140-406A-4859-B6A5-0BCA9BAAF47D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{401ED865-F5E3-4366-AE1C-9836E778D810}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher |
"{45487D51-1FE9-44D7-82C6-60612E67F935}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54D229EA-8DCD-43AC-9064-A28658C0A0E7}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E41CCD0-2523-431F-8C1A-EEBB667F1989}" = rport=138 | protocol=17 | dir=out | app=system |
"{6314E842-3877-4F72-94EF-E9B053549EB5}" = lport=137 | protocol=17 | dir=in | app=system |
"{6F103D30-BBD1-4D48-90E0-D8CFA1112CCE}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher |
"{72D4DB88-62A0-4A81-BA01-409B90FE824E}" = rport=137 | protocol=17 | dir=out | app=system |
"{78B3F6C6-B2AD-4EF0-9397-FE6D0182B5A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F2C91FB-31F8-4969-8D93-9F64C684BEAB}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8A53D5A1-9EFC-4BBC-ACC4-E66165204D37}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{93F1A48E-DB32-4CF4-B219-D57D2DDBE6EB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{95F8794C-7FD8-4916-8443-FAC758ADA2D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B7F7402C-879A-447C-ACFD-FCC4DDA4AE05}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BA6432C4-75F5-44A6-90BC-B797AB9BA4D1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C34DE7E0-AB16-4230-837B-DB4566EA9418}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C8D01F51-F11D-4669-ABDC-9B8A38EEB55F}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9DD328B-F369-46CC-AB86-1384E3FAD248}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F72B657D-4FE3-4CD7-8C5E-367E55F43D02}" = rport=2869 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{089759F1-6F2A-4B85-9F4D-91B9C3C7C4FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A265541-965E-457D-90EF-2A15063CDCB7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{0B2673EA-4BA3-4F3B-B298-7DEF70A20972}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{0C9950F8-48E4-4B36-8207-876597276380}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{109A0FA8-FDEC-4F6B-8115-6322D5C9520C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{109EC2A2-15F7-44E8-AA79-43DF398DA262}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{10A9B5B9-AB99-4BBF-87A6-0BA5FA691F45}" = protocol=17 | dir=in | app=c:\windows\system32\skcbgm.exe |
"{1207D5E8-5EEB-4388-B4CE-8762FA7C349D}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{17B5936F-D3F9-42CE-91B7-E20EDB08D2FF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{207E2D92-2503-47FE-82ED-AFC48C409F7C}" = protocol=6 | dir=in | app=c:\program files\apexdc++\apexdc.exe |
"{238106C4-026B-45AA-AC95-6A3BCD40C5DC}" = dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{28DCD345-2DD3-4820-90ED-DEA9106D69F2}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{2AB2A845-D771-4DEA-9C7E-10D6C7A45CD3}" = protocol=6 | dir=in | app=c:\program files\pipi\kmliveupdate.exe |
"{2B321B5A-60CE-43A3-9178-02D0B20BE2CE}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{2F5665E2-C2BE-41E7-9F0D-C8D372557DC7}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{30DB1BAF-ECE4-43F8-816A-8C10C84A7669}" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{37652BDE-832D-4020-B6C9-9366F631D1DE}" = protocol=6 | dir=in | app=c:\program files\pipi\pipiplayer.exe |
"{3859E77E-23F6-47C5-89E7-E9D13B12C65A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{39F8D285-D672-43A0-A66D-96B45A0F92B0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3D9E59BB-C2CC-4B8B-91DC-EB3C766BA6AA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{45902786-0B33-4014-9612-3D941DA1CBEC}" = protocol=6 | dir=in | app=f:\programs\sports interactive\football manager 2011\fm.exe |
"{4A4646BF-9C03-465E-8395-06D38FF0F86F}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{4D0F534B-7EBA-4E84-95C1-61B866A49117}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{52DA560E-5FEA-49FC-B7FB-0741B99A30FD}" = protocol=17 | dir=in | app=f:\programs\sports interactive\football manager 2011\fm.exe |
"{574EED0F-7BDF-4DA4-9BE6-140762D257AF}" = protocol=17 | dir=in | app=c:\program files\apexdc++\apexdc.exe |
"{581B8995-154E-4723-88CE-18380BDAC26A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6353AC18-12E8-46CE-87DD-AFD5761FF173}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{658AA966-F326-4EBD-AC43-2C938DCB47E7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{67820D33-713F-415B-BE93-A910AA5C06C1}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{6F89ED08-9118-4C41-8D79-3D8275FD2B24}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{735E5D06-539E-4D52-B63C-275BAC3D220A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{776F7658-5613-44A9-8C20-E24F85BC151C}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{777AD29F-2CE0-458B-91C5-1469CCF40228}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{853C0735-800E-4A41-A6AD-DD77FE14D272}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{8C6C45C3-2AB0-4D1D-A720-4A085113D2B8}" = protocol=17 | dir=in | app=f:\program files\sports interactive\football manager 2008\fm.exe |
"{94D22B67-2361-4410-B3A5-0C3222EC871A}" = protocol=17 | dir=in | app=c:\program files\pipi\pipiplayer.exe |
"{9B34C4FE-504A-4260-906C-A44765C9266E}" = protocol=6 | dir=in | app=f:\program files\sports interactive\football manager 2008\fm.exe |
"{9D8CF445-BA2E-4225-ACF7-30228756BB13}" = protocol=17 | dir=in | app=c:\program files\pipi\kmliveupdate.exe |
"{9DA45316-76E0-43BD-A835-8420BDB1FC58}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A7FC8A29-3FC9-4A38-A179-C33417CBBA86}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A95608C9-EE56-456D-B9FD-3D3343EA8287}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{AB3BCCCA-2977-41DF-9815-01F2B9986308}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{ACF4D698-2D69-479D-BE14-60A0ADF5EBC8}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{AF6703C6-52BC-415D-AA84-2303B3D1CAEB}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{B00F5C8F-7584-4DE8-85FD-DAA3DFF8EEB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BAFBE5E1-1AAE-4EEF-9C1D-9ED88353A307}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BBAED719-BB28-4A36-B66F-71871042DFF3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BC786D87-7677-4A1F-AA5C-5EEBBD592926}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{BFEC98D8-83B2-4231-9B35-CF89325179AD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{C11E7185-AC0C-4AC0-962B-1C6FF35C0141}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{C1C2610C-C44A-475B-9059-0E0C0CD84250}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{C34471E1-DF9D-4132-8C23-91C4343A3D51}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C471775C-EDF2-4303-9009-458D50058719}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C562DB1A-F345-43F0-86B6-E3A0A3C9CD7F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CBEEAE6A-FCE6-4ECB-B209-D496EB1F7B98}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CD4D34AD-CA07-4888-9486-2CDA2148E35F}" = protocol=6 | dir=in | app=c:\windows\system32\skcbgm.exe |
"{D8049D0E-BE28-4A62-9F05-4FD82DBB046B}" = protocol=6 | dir=in | app=c:\program files\pipi\jfcachemgr.exe |
"{DD09E618-22FB-4B25-96A1-985D52976AA2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{E52AEA59-3360-4670-A399-52924CD0EFD0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EDB868FB-70E9-41A8-B75D-203D60C60AFE}" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{F1915E8A-B3F5-4A08-AB8D-03D9036EAFA9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{F34531C1-AE6F-4826-B23E-A299DDDE303B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F57638E4-DDD8-4944-BE62-EAB620E7E718}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FB6397B1-DE43-4537-A73E-E0CB9CB19CA4}" = protocol=17 | dir=in | app=c:\program files\pipi\jfcachemgr.exe |
"TCP Query User{222275CF-0869-49E7-B326-E69901A08C50}C:\users\liu\desktop\warcraft 3\war3.exe" = protocol=6 | dir=in | app=c:\users\liu\desktop\warcraft 3\war3.exe |
"TCP Query User{40AE046F-D6EE-4F5E-9E8E-938163A96733}C:\users\liu\desktop\garena\garena.exe" = protocol=6 | dir=in | app=c:\users\liu\desktop\garena\garena.exe |
"TCP Query User{47A3FEB8-8282-43A1-94D0-6399BFEDF3B7}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{4A959F3B-8ACF-49E5-8FB5-390AC362ECF2}C:\users\liu\desktop\warcraft 3\war3.exe" = protocol=6 | dir=in | app=c:\users\liu\desktop\warcraft 3\war3.exe |
"TCP Query User{50E22222-4509-4600-A12C-58DEE3C7D375}C:\program files\java\jre1.6.0_03\launch4j-tmp\stanza.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\launch4j-tmp\stanza.exe |
"TCP Query User{7ED36E2A-3800-4257-8968-BE5069C3884E}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{819DDFC0-E8DD-4881-82FE-CBA5F9BA92E0}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{850A4E3A-7D07-4612-8614-9D256556BCE9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{90EBECE7-14E7-4D8C-976D-EF172FD50419}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{92A645C9-E7BE-4C5E-97A0-10419E92A3EC}F:\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=f:\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{AF483C09-AD16-42C0-83A0-5315DD9308C4}C:\users\liu\desktop\garena\garena.exe" = protocol=6 | dir=in | app=c:\users\liu\desktop\garena\garena.exe |
"TCP Query User{B5A6AB54-C851-48C5-B3F2-E4EE31554437}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{C1C2286E-745A-4902-967B-DF44D70F97CC}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{CABF54C0-02C3-4F36-A737-545C039DE598}C:\windows\system32\skcbgm.exe" = protocol=6 | dir=in | app=c:\windows\system32\skcbgm.exe |
"TCP Query User{D92B6F6C-704C-4EFA-8CC1-CCC466E33828}C:\program files\apexdc++\apexdc.exe" = protocol=6 | dir=in | app=c:\program files\apexdc++\apexdc.exe |
"TCP Query User{E744E6E9-5CC0-4B52-B61C-0FAA7EE4B9FD}F:\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=f:\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{F2EB38D0-8038-4D48-9E4B-9E65C6C43EA2}C:\users\liu\desktop\counterstrike install\cs16patch_full_v17\hltv.exe" = protocol=6 | dir=in | app=c:\users\liu\desktop\counterstrike install\cs16patch_full_v17\hltv.exe |
"UDP Query User{0A407DE3-5442-4A4F-AB35-38057FDC8D77}C:\users\liu\desktop\warcraft 3\war3.exe" = protocol=17 | dir=in | app=c:\users\liu\desktop\warcraft 3\war3.exe |
"UDP Query User{2F374492-3753-4EDC-8D4B-A0DC38009C0E}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{351735E4-17C7-456B-9032-AF0E64A9CA81}F:\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=f:\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{44F52A9B-656D-40A8-992E-C0B843B14710}F:\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=f:\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{4FC9E1B0-D54A-4E8D-8FAF-34025686C726}C:\users\liu\desktop\warcraft 3\war3.exe" = protocol=17 | dir=in | app=c:\users\liu\desktop\warcraft 3\war3.exe |
"UDP Query User{50D7A0CC-B9F1-4DA2-98D1-359756C73E21}C:\users\liu\desktop\garena\garena.exe" = protocol=17 | dir=in | app=c:\users\liu\desktop\garena\garena.exe |
"UDP Query User{71537684-7CFB-472F-B3CD-C7EC216427F6}C:\program files\apexdc++\apexdc.exe" = protocol=17 | dir=in | app=c:\program files\apexdc++\apexdc.exe |
"UDP Query User{825E3C29-34FB-4ED7-8FC7-D63EFC089B33}C:\users\liu\desktop\counterstrike install\cs16patch_full_v17\hltv.exe" = protocol=17 | dir=in | app=c:\users\liu\desktop\counterstrike install\cs16patch_full_v17\hltv.exe |
"UDP Query User{8F1BD2D9-5B2D-4A78-A709-BAC2D2720FDA}C:\users\liu\desktop\garena\garena.exe" = protocol=17 | dir=in | app=c:\users\liu\desktop\garena\garena.exe |
"UDP Query User{98FDB8C6-6002-4B5E-99EB-C0BB16EED0D8}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{AAE6B3D4-3F3F-4927-A522-7B2AFA99DA90}C:\program files\java\jre1.6.0_03\launch4j-tmp\stanza.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\launch4j-tmp\stanza.exe |
"UDP Query User{B1C2BA89-F0AB-4049-A40A-A313CF160047}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{B6D49965-3DB5-4A86-90FE-EE991991C371}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{C6488660-5BEF-45FC-9E34-A30B7F6EECA4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D709F766-4DA8-4523-957F-1782D446127E}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{E34268D8-C7FF-4123-92E2-95578151C518}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{FFFCE9A6-30AF-4523-9F93-E569A52C20CB}C:\windows\system32\skcbgm.exe" = protocol=17 | dir=in | app=c:\windows\system32\skcbgm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{18651D22-C569-40DA-9DCE-0F98A4BBE19F}" = FMRTE
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3AB50D6D-97FA-45F9-8FFC-A100DD37A159}" = League of Legends
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = 3 Mobile Broadband
"{43D1A6DC-F2D3-4EBC-8851-CC8B9C0C8763}_is1" = ApexDC++ 1.4.3
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 0.991
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}" = Mouse Suite for Laptop Computers
"{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}" = Microsoft redistributable runtime DLLs VS2005(x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D31FB582-86AE-4A05-BFC1-5C5CA944E234}" = Vista Profile Pack
"{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E8E3BE40-1E1F-45C2-AE9F-473A51A36024}" = DFX 8 for Windows Media Player
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"쳵(FlashGet)3.7" = 쳵(FlashGet)3.7 ʽ
"3ivx MPEG-4 5.0.2" = 3ivx MPEG-4 5.0.2 (remove only)
"8461-7759-5462-8226" = Vuze
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Dell PC Fax" = Dell PC Fax
"ffdshow_is1" = ffdshow [rev 3251] [2010-01-31]
"Football Manager 2011" = Football Manager 2011
"Get Styles" = Get Styles
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mikogo" = Mikogo
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PIPI_is1" = PIPI 2.4.0.1
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"SdaLogon" = Sdas Login
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.1.4 for Windows
"Stanza" = Stanza
"Steam App 35700" = Trine
"stunnel" = stunnel
"Videora iPhone 3G Converter" = Videora iPhone 3G Converter 6
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2010 2:33:48 AM | Computer Name = Liu-pc | Source = Google Update | ID = 20
Description =

Error - 4/29/2010 2:35:05 AM | Computer Name = Liu-pc | Source = Google Update | ID = 20
Description =

Error - 4/29/2010 11:35:05 PM | Computer Name = Liu-pc | Source = Google Update | ID = 20
Description =

Error - 4/29/2010 11:46:23 PM | Computer Name = Liu-pc | Source = Google Update | ID = 20
Description =

Error - 4/30/2010 12:35:05 AM | Computer Name = Liu-pc | Source = Google Update | ID = 20
Description =

Error - 4/30/2010 12:46:23 AM | Computer Name = Liu-pc | Source = Google Update | ID = 20
Description =

Error - 4/30/2010 1:35:05 AM | Computer Name = Liu-pc | Source = Google Update | ID = 20
Description =

Error - 4/30/2010 1:46:23 AM | Computer Name = Liu-pc | Source = Google Update | ID = 20
Description =

Error - 4/30/2010 2:35:05 AM | Computer Name = Liu-pc | Source = Google Update | ID = 20
Description =

Error - 4/30/2010 2:46:23 AM | Computer Name = Liu-pc | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 6/27/2011 4:42:07 AM | Computer Name = Liu-pc | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 6/28/2011 8:07:29 AM | Computer Name = Liu-pc | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 6/28/2011 8:07:34 AM | Computer Name = Liu-pc | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 150.203.110.207,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.

Error - 6/28/2011 8:07:36 AM | Computer Name = Liu-pc | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 6/28/2011 5:47:51 PM | Computer Name = Liu-pc | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/28/2011 9:38:36 PM | Computer Name = Liu-pc | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:36:54 AM on 29/06/2011 was unexpected.

Error - 6/28/2011 9:39:08 PM | Computer Name = Liu-pc | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/28/2011 9:39:08 PM | Computer Name = Liu-pc | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 150.203.110.207,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.

Error - 6/28/2011 9:41:08 PM | Computer Name = Liu-pc | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 6/30/2011 6:37:21 AM | Computer Name = Liu-pc | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >

#6 m0le

m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 June 2011 - 07:11 PM

Now open OTL and we'll clear up a few things

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [<NO NAME>] 
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next run ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE
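The OTL `:reg` directive in the post above resets the default value of `HKLM\SOFTWARE\Classes\exefile\shell\open\command` to `"%1" %*`, the Windows default; when that value names some other binary, every .exe the user starts is routed through it first. The Python script below is an added example, not part of this thread or of OTL: it audits the exefile and comfile commands either live on Windows through the standard-library `winreg` module (HKLM plus any per-user override under HKCU) or from a regedit `.reg` export, and the hijacked command in its constructed sample export is a placeholder path, not an indicator from this case.

```python
r"""Audit the exefile / comfile shell-open commands against the Windows defaults.

When HKLM\SOFTWARE\Classes\exefile\shell\open\command is altered, every .exe the
user launches runs through whatever binary the new command names first; the OTL
:reg directive in the thread restores the default "%1" %*.  On Windows this
script reads the live values through winreg; elsewhere it audits a regedit
export such as one produced with
    reg export "HKLM\SOFTWARE\Classes\exefile\shell\open\command" exefile.reg
(.reg exports are UTF-16LE, so the file is opened with encoding="utf-16").
"""
import re
import sys

# Known-good (Default) values.  Keys are matched by suffix so that both
# HKEY_LOCAL_MACHINE\SOFTWARE\Classes\... and a per-user override under
# HKEY_CURRENT_USER\Software\Classes\... are checked the same way.
EXPECTED_OPEN_COMMANDS = {
    r"exefile\shell\open\command": '"%1" %*',
    r"comfile\shell\open\command": '"%1" %*',
}

KEY_RE = re.compile(r"^\[(.+)\]\s*$")        # [HKEY_...\path]
DEFAULT_RE = re.compile(r'^@="(.*)"\s*$')    # @="..." holds the (Default) value

# Constructed sample export (not from the thread): the exefile command has been
# pointed at a placeholder binary, while the comfile command is still the default.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"C:\\placeholder\\hijacker.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command]
@="\"%1\" %*"
'''


def unescape_reg_string(raw: str) -> str:
    """Undo .reg escaping: a backslash escapes the character that follows it."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(raw[i + 1])
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def parse_default_values(reg_text: str) -> dict:
    """Map every key in a .reg export to its (Default) string, or None if unset."""
    values, current = {}, None
    for line in reg_text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            values[current] = None
            continue
        value_match = DEFAULT_RE.match(line)
        if value_match and current is not None:
            values[current] = unescape_reg_string(value_match.group(1))
    return values


def audit_open_commands(values: dict) -> dict:
    """Return {key: (status, actual)} for each shell-open command key found.

    status is "ok" when the value equals the Windows default and "modified"
    otherwise (an unset default included); it reports a deviation, not intent.
    """
    findings = {}
    for key, actual in values.items():
        for suffix, expected in EXPECTED_OPEN_COMMANDS.items():
            if key.lower().endswith("\\classes\\" + suffix):
                findings[key] = ("ok" if actual == expected else "modified", actual)
    return findings


def read_live_values() -> dict:
    """Windows only: read the live (Default) values from HKLM and any HKCU override."""
    import winreg  # standard library, but only present on Windows
    hives = (("HKEY_LOCAL_MACHINE", winreg.HKEY_LOCAL_MACHINE),
             ("HKEY_CURRENT_USER", winreg.HKEY_CURRENT_USER))
    values = {}
    for hive_name, hive in hives:
        for suffix in EXPECTED_OPEN_COMMANDS:
            path = "SOFTWARE\\Classes\\" + suffix
            try:
                with winreg.OpenKey(hive, path) as key:
                    values[hive_name + "\\" + path] = winreg.QueryValueEx(key, "")[0]
            except FileNotFoundError:
                pass  # no per-user override is the normal state
    return values


def main() -> None:
    if sys.platform == "win32":
        values = read_live_values()
    elif len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-16") as fh:
            values = parse_default_values(fh.read())
    else:
        values = parse_default_values(SAMPLE_EXPORT)
    for key, (status, actual) in audit_open_commands(values).items():
        print(f"{status:8} {key}")
        print(f"         (Default) = {actual!r}")


if __name__ == "__main__":
    main()
```

A "modified" result on a machine that has not had a custom launcher installed deliberately is what the OTL fix in the post corrects.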

#7 heretic_guy

heretic_guy
  • Topic Starter

  • Members
  • 8 posts

Posted 30 June 2011 - 08:19 PM

========== OTL ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.24.2 log created on 07012011_111751


ESET scan:

C:\Program Files\DAEMON Tools Lite\uninst.exe Win32/Adware.Toolbar.Shopper application cleaned by deleting - quarantined
C:\Users\Liu\Documents\Downloads\avc-free.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Liu\Documents\Downloads\videora-iphone3g-600-setup.exe Win32/OpenCandy application deleted - quarantined


System slowdown has decreased, but that could be the removal of clutter.

Edited by heretic_guy, 01 July 2011 - 03:17 AM.


#8 m0le

m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 03 July 2011 - 07:22 PM

I'm not finding anything about browser redirects to Google which are malicious.

Please run MBAM and SAS next

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#9 heretic_guy

heretic_guy
  • Topic Starter

  • Members
  • 8 posts

Posted 05 July 2011 - 12:58 PM

It's taking over my Google homepage and redirecting me to mediamind. Before I proceed with the scan, would a complete reformat help? Reasons behind: I'm keen on upgrading to Vista, and my system is way overdue for a reformat anyway.

But I will obviously be migrating my media files, movies, MP3s and some essential docs over. What are the chances that this would reinfect the newly reformatted computer?

#10 m0le

m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 July 2011 - 06:21 PM

Let's go in a bit harder. Reformatting or upgrading will solve the problem but it would be good to do it under your terms. If we aren't getting anywhere and you want to move on it then let me know. First, download and run Combofix and see if it can strip out the trojan or rootkit.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11 heretic_guy

heretic_guy
  • Topic Starter

  • Members
  • 8 posts

Posted 06 July 2011 - 08:57 AM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7031

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

7/6/2011 7:56:51 PM
mbam-log-2011-07-06 (19-56-51).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 336904
Time elapsed: 1 hour(s), 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/06/2011 at 08:57 PM

Application Version : 4.55.1000

Core Rules Database Version : 7376
Trace Rules Database Version: 5188

Scan type : Complete Scan
Total Scan Time : 00:54:14

Memory items scanned : 733
Memory threats detected : 0
Registry items scanned : 8129
Registry threats detected : 0
File items scanned : 37567
File threats detected : 373

Adware.Tracking Cookie
C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Cookies\liu@imrworldwide[2].txt
C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Cookies\liu@tribalfusion[1].txt
C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Cookies\liu@atdmt[1].txt
C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Cookies\liu@banner.pando[1].txt
C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Cookies\liu@bs.serving-sys[1].txt
C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Cookies\liu@2o7[1].txt
C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Cookies\liu@atdmt.combing[2].txt
C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Cookies\liu@perf.overture[1].txt
C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Cookies\liu@serving-sys[1].txt
C:\Users\Liu\AppData\Roaming\Microsoft\Windows\Cookies\liu@adtech[1].txt
.imrworldwide.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.f2network.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.game-advertising-online.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.msnportal.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.whatthebleephouldimakefordinner.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.whatthebleephouldimakefordinner.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.whatthebleephouldimakefordinner.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.idgenterprise.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.xm.xtendmedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
in.getclicky.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
wstat.wibiya.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ie-stat.bmmetrix.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ie-stat.bmmetrix.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2mdn.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ad.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ox-d.w00tmedia.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mtvn.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.examinercom.122.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.martiniadnetwork.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.martiniadnetwork.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.martiniadnetwork.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.martiniadnetwork.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kantarmedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.thefriskycom.122.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www5.addfreestats.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tripod.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
s07.flagcounter.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.photobucket.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cba.122.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.harrenmedianetwork.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adserving.versaneeds.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yadro.ru [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.view.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stats.cardschat.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
party.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.findthebest.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.findthebest.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.hearstmagazines.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.alluremedia.com.au [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trinitymirror.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.122.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adultfriendfinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.avgtechnologies.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
view.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.wpni.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
imagevenue.advertserve.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
imagevenue.advertserve.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
rts.pgmediaserve.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
rts.pgmediaserve.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
rts.pgmediaserve.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads.footballmedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
g.blogads.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.rudefinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.rudefinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.rudefinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.rudefinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.rudefinder.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www6.addfreestats.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bravenet.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.usatoday1.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
media.sensis.com.au [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
media.sensis.com.au [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.microsoftwindows.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cnetaustralia.122.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
media.sensis.com.au [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.sensismediasmart.com.au [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
uk.sitestat.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
uk.sitestat.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.paypal.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.xiti.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tracking.foxnews.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tracking.foxnews.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
dc.tremormedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
counter.hitslink.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
view.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
view.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.view.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.msnbc.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.surveymonkey.122.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
z.blogads.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediacorp.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
caloriecount.about.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
caloriecount.about.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.caloriecount.about.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.caloriecount.about.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.medhelpinternational.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads.react2media.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.henyepcompany.122.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
trafficking.nabbr.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
tracking1.aleadpay.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.myroitracking.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
spe.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.zanox.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viewablemedia.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
f.blogads.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
thewrap.rotator.hadj7.adjuggler.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
thewrap.rotator.hadj7.adjuggler.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.eset.122.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.optus.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads.react2media.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atwola.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ar.atwola.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.s.clickability.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.s.clickability.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mm.chitika.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.free-dc.org [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.free-dc.org [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cnetasiapacific.122.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.timeinc.122.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
network.alluremedia.com.au [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
statse.webtrendslive.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediabrandsww.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.pokertracker.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
optimize.indieclick.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
optimize.indieclick.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.indieclick.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
optimize.indieclick.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.wotifcom.112.2o7.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
accounts.youtube.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Liu\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
cdn.insights.gravity.com [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
cdn2.themis-media.com [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
countdownpage.createyourcountdown.com [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
ia.media-imdb.com [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
media.cnetnetworks.com.au [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
media.foxsports.com.au [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
media.heavy.com [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
media.kyte.tv [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
media.mtvnservices.com [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
media.perthnow.com.au [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
secure-uk.imrworldwide.com [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]
secure-us.imrworldwide.com [ C:\Users\Liu\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NCY9GFFG ]

Trojan.Agent/Gen-Alient
C:\PROGRAM FILES\SATSUKI DECODER PACK\CPL\SDPCPL.EXE
C:\USERS\LIU\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SATSUKI DECODER PACK\CONFIGURATION.LNK

#12 heretic_guy

heretic_guy
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:48 AM

Posted 06 July 2011 - 09:50 AM

Not quite sure how ComboFix works, but I encountered an error upon restart that stated I was trying to access a registry that had been marked illegal. Another reboot and the error stopped turning up. Anyway, here's the log, mate.


ComboFix 11-07-06.02 - Liu 07/07/2011 0:06.1.2 - x86
Microsoft Windows Vista Home Basic 6.0.6000.0.1252.61.1033.18.2045.902 [GMT 10:00]
Running from: c:\users\Liu\Desktop\comfix.exe.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\comfix.exe
c:\comfix.exe\023.dat
c:\comfix.exe\023v.dat
c:\comfix.exe\023w7.dat
c:\comfix.exe\AppDataFile.cfx
c:\comfix.exe\AppDataFolder.cfx
c:\comfix.exe\appinit.bad
c:\comfix.exe\asp.str
c:\comfix.exe\Assoc.cmd
c:\comfix.exe\ATTRIB.cfxxe
c:\comfix.exe\Auto-RC.cmd
c:\comfix.exe\av.cmd
c:\comfix.exe\av.vbs
c:\comfix.exe\AWF.cmd
c:\comfix.exe\badclsid.c
c:\comfix.exe\Boot-Rk.cmd
c:\comfix.exe\Boot.bat
c:\comfix.exe\BootDrv.vbs
c:\comfix.exe\c.bat
c:\comfix.exe\c.mrk
c:\comfix.exe\Catch-sub.cmd
c:\comfix.exe\catchme.cfxxe
c:\comfix.exe\CCS.bat
c:\comfix.exe\CF-Script.cmd
c:\comfix.exe\CF16910.cfxxe
c:\comfix.exe\CHCP.bat
c:\comfix.exe\clsid.c
c:\comfix.exe\cmd.cfxxe
c:\comfix.exe\Combobatch.bat
c:\comfix.exe\ComboFix-Download.cfxxe
c:\comfix.exe\Create.cmd
c:\comfix.exe\Creg.dat
c:\comfix.exe\CregC.cmd
c:\comfix.exe\CregC.dat
c:\comfix.exe\CSCRIPT.cfxxe
c:\comfix.exe\CSet.cmd
c:\comfix.exe\dd.cfxxe
c:\comfix.exe\ddsDo.sed
c:\comfix.exe\DelClsid.bat
c:\comfix.exe\DelClsid64.bat
c:\comfix.exe\desktop.ini
c:\comfix.exe\DesktopFile.cfx
c:\comfix.exe\DisclaimED.dat
c:\comfix.exe\DPF.str
c:\comfix.exe\DrvRun.vbs
c:\comfix.exe\dumphive.cfxxe
c:\comfix.exe\embedded.sed
c:\comfix.exe\en-AU\ATTRIB.cfxxe.mui
c:\comfix.exe\en-AU\CF16910.cfxxe.mui
c:\comfix.exe\en-AU\CMD.cfxxe.mui
c:\comfix.exe\en-AU\CSCRIPT.cfxxe.mui
c:\comfix.exe\en-AU\PING.cfxxe.mui
c:\comfix.exe\en-AU\REGT.cfxxe.mui
c:\comfix.exe\en-AU\ROUTE.cfxxe.mui
c:\comfix.exe\en-US\ATTRIB.cfxxe.mui
c:\comfix.exe\en-US\CF16910.cfxxe.mui
c:\comfix.exe\en-US\cmd.cfxxe.mui
c:\comfix.exe\en-US\CSCRIPT.cfxxe.mui
c:\comfix.exe\en-US\PING.cfxxe.mui
c:\comfix.exe\en-US\REGT.cfxxe.mui
c:\comfix.exe\en-US\ROUTE.cfxxe.mui
c:\comfix.exe\ERDNT.e_e
c:\comfix.exe\ERDNTDOS.LOC
c:\comfix.exe\ERDNTWIN.LOC
c:\comfix.exe\ERUNT.cfxxe
c:\comfix.exe\erunt.dat
c:\comfix.exe\ERUNT.LOC
c:\comfix.exe\Exe.reg
c:\comfix.exe\extract.cfxxe
c:\comfix.exe\FavoriteFolder.cfx
c:\comfix.exe\FavoritesFile.cfx
c:\comfix.exe\FD-SV.cmd
c:\comfix.exe\ffdefstr.dll
c:\comfix.exe\FileKill.cfxxe
c:\comfix.exe\files.pif
c:\comfix.exe\Fin.dat
c:\comfix.exe\FIND3M.bat
c:\comfix.exe\FIXLSP.bat
c:\comfix.exe\FKMGen.cmd
c:\comfix.exe\ForeignWht
c:\comfix.exe\GetHive.cmd
c:\comfix.exe\grep.cfxxe
c:\comfix.exe\gsar.cfxxe
c:\comfix.exe\handle.cfxxe
c:\comfix.exe\HDPEInfo.cfxxe
c:\comfix.exe\hidec.cfxxe
c:\comfix.exe\history.bat
c:\comfix.exe\hwid.pif
c:\comfix.exe\iexplore.exe
c:\comfix.exe\image001.gif
c:\comfix.exe\Imefile.dat
c:\comfix.exe\Install-RC.cmd
c:\comfix.exe\katch.cmd
c:\comfix.exe\Kill-All.cmd
c:\comfix.exe\kmd.dat
c:\comfix.exe\Lang.bat
c:\comfix.exe\List-B.bat
c:\comfix.exe\List-C.bat
c:\comfix.exe\List-D.bat
c:\comfix.exe\List.bat
c:\comfix.exe\lnkread.vbs
c:\comfix.exe\LocalAppDataFile.cfx
c:\comfix.exe\LocalAppDataFolder.cfx
c:\comfix.exe\LocalService.dat
c:\comfix.exe\LocalServiceNetworkRestricted.dat
c:\comfix.exe\LocalSettingsFile.cfx
c:\comfix.exe\LocalSystemNetworkRestricted.dat
c:\comfix.exe\mbr.cfxxe
c:\comfix.exe\mbr.chk
c:\comfix.exe\md5sum.pif
c:\comfix.exe\Mirrors
c:\comfix.exe\MoveIt.bat
c:\comfix.exe\mtee.cfxxe
c:\comfix.exe\MtPt00
c:\comfix.exe\MUI
c:\comfix.exe\mynul.dat
c:\comfix.exe\N_\10438
c:\comfix.exe\N_\1157
c:\comfix.exe\N_\12560
c:\comfix.exe\N_\12774
c:\comfix.exe\N_\15410
c:\comfix.exe\N_\16691
c:\comfix.exe\N_\18566
c:\comfix.exe\N_\19195
c:\comfix.exe\N_\19434
c:\comfix.exe\N_\19936
c:\comfix.exe\N_\24365
c:\comfix.exe\N_\26540
c:\comfix.exe\N_\27615
c:\comfix.exe\N_\2799
c:\comfix.exe\N_\31567
c:\comfix.exe\N_\3659
c:\comfix.exe\N_\5078
c:\comfix.exe\N_\532
c:\comfix.exe\N_\6451
c:\comfix.exe\N_\7065
c:\comfix.exe\N_\pingtest
c:\comfix.exe\ncmd.com
c:\comfix.exe\ND_.bat
c:\comfix.exe\ND_64.bat
c:\comfix.exe\ndis_combofix.dat
c:\comfix.exe\netsvc.bad.dat
c:\comfix.exe\netsvc.dat
c:\comfix.exe\netsvc.vista.dat
c:\comfix.exe\netsvc.xp.dat
c:\comfix.exe\NetworkService.dat
c:\comfix.exe\NirCmd.cfxxe
c:\comfix.exe\NircmdB.exe
c:\comfix.exe\NirCmdC.cfxxe
c:\comfix.exe\NIRKMD.cfxxe
c:\comfix.exe\NlsLanguageDefault
c:\comfix.exe\NT-OS.cmd
c:\comfix.exe\NULL
c:\comfix.exe\OSid.vbs
c:\comfix.exe\OsVer
c:\comfix.exe\pausep.cfxxe
c:\comfix.exe\PersonalFile.cfx
c:\comfix.exe\PersonalFolder.cfx
c:\comfix.exe\pev.cfxxe
c:\comfix.exe\pevb.cfxxe
c:\comfix.exe\PING.cfxxe
c:\comfix.exe\Policies.dat
c:\comfix.exe\powp.dat
c:\comfix.exe\Prep.inf
c:\comfix.exe\ProfilesFile.cfx
c:\comfix.exe\ProfilesFolder.cfx
c:\comfix.exe\ProgramsFile.cfx
c:\comfix.exe\ProgramsFolder.cfx
c:\comfix.exe\Purity.dat
c:\comfix.exe\PV.cfxxe
c:\comfix.exe\pv.com
c:\comfix.exe\rar_sfx.cmd
c:\comfix.exe\RCLink.dat
c:\comfix.exe\REGDACL.sed
c:\comfix.exe\RegDo.sed
c:\comfix.exe\region.dat
c:\comfix.exe\RegScan.cmd
c:\comfix.exe\RegScan64.cmd
c:\comfix.exe\Resident.txt
c:\comfix.exe\restore_pt.vbs
c:\comfix.exe\Rkey.cmd
c:\comfix.exe\rmbr.cfxxe
c:\comfix.exe\rogues.dat
c:\comfix.exe\ROUTE.cfxxe
c:\comfix.exe\run2.sed
c:\comfix.exe\Rust.str
c:\comfix.exe\s0rt.cfxxe
c:\comfix.exe\safeboot.dat
c:\comfix.exe\safeboot.def.dat
c:\comfix.exe\safeboot.def.vista.dat
c:\comfix.exe\Safeboot.def.w7.dat
c:\comfix.exe\sed.cfxxe
c:\comfix.exe\SetEnvmt.bat
c:\comfix.exe\setpath.cfxxe
c:\comfix.exe\setpath_N.cmd
c:\comfix.exe\SF.exe
c:\comfix.exe\sfx.cmd
c:\comfix.exe\SnapShot.cmd
c:\comfix.exe\SRestore.cmd
c:\comfix.exe\srizbi.md5
c:\comfix.exe\Start_dat
c:\comfix.exe\StartMenuFile.cfx
c:\comfix.exe\StartMenuFolder.cfx
c:\comfix.exe\StartUpFile.cfx
c:\comfix.exe\SuppScan.cmd
c:\comfix.exe\svc_wht.dat
c:\comfix.exe\SvcDrv.vbs
c:\comfix.exe\svchost.dat
c:\comfix.exe\svchost.vista.dat
c:\comfix.exe\svchost.vista.x64.dat
c:\comfix.exe\svchost.w7.dat
c:\comfix.exe\svchost.w7.x64.dat
c:\comfix.exe\swreg.cfxxe
c:\comfix.exe\swsc.cfxxe
c:\comfix.exe\swxcacls.cfxxe
c:\comfix.exe\system_ini.dat
c:\comfix.exe\tail.cfxxe
c:\comfix.exe\TemplatesFile.cfx
c:\comfix.exe\TemplatesFolder.cfx
c:\comfix.exe\toolbar.sed
c:\comfix.exe\Update-CF.cmd
c:\comfix.exe\VerCF.bat
c:\comfix.exe\version.txt
c:\comfix.exe\VInfo
c:\comfix.exe\VInfo2
c:\comfix.exe\Vipev.dat
c:\comfix.exe\Vista.krl
c:\comfix.exe\Vista.mac
c:\comfix.exe\vistaMcode.dat
c:\comfix.exe\vistareg.dat
c:\comfix.exe\vun.dat
c:\comfix.exe\VwinTemp.dacl
c:\comfix.exe\w_sock.dll
c:\comfix.exe\w2k_sock.dll
c:\comfix.exe\w2kreg.dat
c:\comfix.exe\w7Mcode.dat
c:\comfix.exe\w7reg.dat
c:\comfix.exe\Wmi_rem.vbs
c:\comfix.exe\xpmcode.dat
c:\comfix.exe\xpreg.dat
c:\comfix.exe\XPSBoot.reg
c:\comfix.exe\zDomain.dat
c:\comfix.exe\zhsvc.dat
c:\comfix.exe\zip.cfxxe
C:\DFREFCC.tmp
c:\programdata\ntuser.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\mcckmplayervod.ini
c:\windows\system32\detoured.dll
c:\windows\system32\drivers\kbiwkmtjmdypew.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-07-06 14:13 . 2011-07-06 14:25 -------- d-----w- c:\users\Liu\AppData\Local\temp
2011-07-06 14:13 . 2011-07-06 14:15 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-07-06 14:13 . 2011-07-06 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-06 09:58 . 2011-07-06 09:58 -------- d-----w- c:\users\Liu\AppData\Roaming\SUPERAntiSpyware.com
2011-07-06 09:58 . 2011-07-06 09:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-06 09:58 . 2011-07-06 09:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-05 15:32 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB18DAB8-FB97-42E4-A5A0-D43DED59ED62}\mpengine.dll
2011-07-01 01:17 . 2011-07-01 01:17 -------- d-----w- C:\_OTL
2011-06-20 13:00 . 2011-06-21 10:01 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-17 22:15 . 2011-06-17 22:15 -------- d-----w- c:\users\Liu\AppData\Local\Geckofx
2011-06-17 22:15 . 2011-06-17 22:15 -------- d-----w- c:\program files\AviSynth 2.5
2011-06-16 23:16 . 2011-06-16 23:17 -------- d-----w- c:\programdata\Skype Extras
2011-06-16 23:15 . 2011-06-16 23:15 -------- d-----w- c:\program files\Common Files\Skype
2011-06-08 03:25 . 2011-06-08 03:25 -------- d-----w- C:\$AVG
2011-06-08 03:24 . 2011-06-08 03:24 -------- d-----w- c:\users\Liu\AppData\Roaming\AVG10
2011-06-08 03:23 . 2011-06-08 03:23 -------- d--h--w- c:\programdata\Common Files
2011-06-08 03:21 . 2011-07-06 11:08 -------- d-----w- c:\programdata\AVG10
2011-06-08 03:19 . 2011-06-08 03:19 -------- d-----w- c:\program files\AVG
2011-06-08 03:16 . 2011-05-28 23:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 03:16 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 03:16 . 2011-06-08 03:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-08 03:11 . 2011-07-01 14:50 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 11:10 . 2008-02-01 11:08 0 ----a-w- c:\users\Liu\AppData\Local\WavXMapDrive.bat
2011-05-24 09:14 . 2009-10-02 18:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 18:52 . 2011-05-09 16:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-03 1232896]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"SigmatelSysTrayApp"="sttray.exe" [2007-05-07 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 85504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-15 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-15 92704]
"SecureW2 Tray"="c:\program files\SecureW2\sw2_tray.exe" [2010-03-03 152264]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-28 1047656]
.
c:\users\Liu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-1-11 45056]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 07:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Liu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\users\Liu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-20 09:25 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Azureus]
2011-04-21 12:49 232896 ----a-w- c:\program files\Vuze\Azureus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 04:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-05-28 23:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mikogo]
2011-05-09 16:26 2748416 ----a-w- c:\users\Liu\AppData\Roaming\Mikogo\Mikogo-Host.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
2011-05-09 16:17 4923288 ----a-w- c:\program files\Pando Networks\Pando\Pando.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 06:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-26 11:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-22 08:10 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-25 05:35 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9d3c1686978;Google Update Service (gupdate1ca9d3c1686978);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 133104]
R2 PIPIStartSvr;PIPIStartSvr;c:\program files\pipi\PIPIStartSvr.exe [x]
R3 B-Service;B-Service;c:\users\Liu\AppData\Roaming\Mikogo\B-Service.exe [2011-05-09 185640]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2007-05-05 29184]
R3 bthav;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2007-05-05 36352]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]
R3 GarenaPEngine;GarenaPEngine;c:\users\Liu\AppData\Local\Temp\EFU70A1.tmp [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 133104]
R3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
R3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2006-11-02 22016]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-18 65536]
S2 SW2SVC;SecureW2 Service;c:\program files\SecureW2\sw2_service.exe [2010-03-03 95944]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2006-11-02 7168]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-15 20480]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthaudiosvc REG_MULTI_SZ HFGService
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 21:27]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 21:27]
.
2011-07-06 c:\windows\Tasks\User_Feed_Synchronization-{2C7DC052-0128-4750-B0BE-48592229301E}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: ????3??
IE: ????3??????
IE: ????3?? - c:\users\Liu\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\program files\FlashGet Network\FlashGet 3\GetAllFlvUrl.htm
IE: ????3?????? - c:\users\Liu\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 150.203.1.10 150.203.22.28
DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg6.cyworld.com/ImageUpload/CyImageUpload_10217.cab
DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
FF - ProfilePath - c:\users\Liu\AppData\Roaming\Mozilla\Firefox\Profiles\eexh7sdz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe..
FF - prefs.js: keyword.enabled - false
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: CyberShadow's Bejeweled Blitz 3 Cheat: bejeweledblitz3cheat@thecybershadow.net - %profile%\extensions\bejeweledblitz3cheat@thecybershadow.net
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-48449573.sys
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe
MSConfigStartUp-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Liu\AppData\Local\Temp\EFU70A1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1120031545-3428858174-1737754950-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\Liu\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Users\\Liu\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Users\\Liu\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\Liu\\Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Users\\Liu\\Desktop\\fm_genie_scout_10_v1_0_b114\\FM Genie Scout 10\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009db7
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="E4-A300-E47F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-1120031545-3428858174-1737754950-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Liu\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Liu\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Liu\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Liu\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Liu\\Desktop\\fm_genie_scout_2009_xe_209\\FM Genie Scout 2009 XE\\History Points"
"LangDB"=""
"LastSaveGame"="c:\\Users\\Liu\\Documents\\Sports Interactive\\Football Manager 2009\\games\\swap.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="E4-A300-E47F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1120031545-3428858174-1737754950-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u_f3* N}]
@="c:\\Users\\Liu\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1120031545-3428858174-1737754950-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u_f3* N}hQƉ]
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files\\FlashGet Network\\FlashGet 3\\GetAllFlvUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1120031545-3428858174-1737754950-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u_f3* N}hQc]
@="c:\\Users\\Liu\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1120031545-3428858174-1737754950-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7d,49,5a,db,00,12,67,ce,4e,e9,4b,ab,87,61,b2,42,b0,9d,fd,42,e5,
08,d0,b9,b8,ca,37,46,09,0f,a1,38,1a,de,9a,0c,bf,d7,2c,ca,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1120031545-3428858174-1737754950-1000_Classes\CLSID\{ff63fd74-544e-49a0-bf5d-78280e85eb36}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000015f
"Therad"=dword:0000002b
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,72,2e,11,82,09,1e,e7,4d,7b,7b,3d,f0,c6,7a,28,ed,9d,ed,af,20,83,05,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\msdtc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\ico.exe
c:\windows\sttray.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-07-07 00:28:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-06 14:28
.
Pre-Run: 18,063,581,184 bytes free
Post-Run: 17,621,258,240 bytes free
.
- - End Of File - - CA74E997F76C184D1A91D79FD4B7E899
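The services list under "Reg Loading Points" and the "Other Deletions" block in the ComboFix log above are where a responder's eye goes first: an autostart entry marked "[x]" (file gone), a service image under a user's AppData or Temp directory, or a driver with a name that reads like keyboard noise. The script below is an added example for this thread, not part of the original posts and not ComboFix's own code. It runs those three checks over a handful of lines copied from the log above plus one known-good Broadcom driver entry as a control; the thresholds for "random-looking" are assumptions, so hits are leads to investigate, not verdicts.

```python
"""Triage heuristics for ComboFix-style service and deletion lines.

Added example for this thread; it is not part of the original posts and not
ComboFix's own code. It mechanises three checks a malware responder makes by
eye when reading the 'Reg Loading Points' services list and the 'Other
Deletions' list: a binary loaded from a user-writable directory, an autostart
entry whose file is gone (ComboFix prints "[x]" for these), and a file name
that looks machine-generated. The thresholds are assumptions, not published
rules, so treat hits as leads rather than verdicts.
"""
import re

# Locations an unprivileged user can write to; a service or driver image
# here is unusual for vendor software and common for droppers.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")

# R2 name;display;path [date size]   or   R3 name;display;path [x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)


def looks_random(filename, min_letters=10, max_vowel_ratio=0.2, max_run=6):
    """Flag long names with almost no vowels or a long consonant run.

    Short names and names dominated by digits (b57nd60x.sys) are skipped
    because the heuristic is meaningless for them.
    """
    stem = filename.rsplit(".", 1)[0].lower()
    letters = re.sub(r"[^a-z]", "", stem)
    if len(letters) < min_letters:
        return False
    vowels = sum(ch in "aeiou" for ch in letters)
    longest = max((len(run) for run in re.findall(r"[^aeiou]+", letters)), default=0)
    return vowels / len(letters) < max_vowel_ratio or longest >= max_run


def triage(lines):
    """Return a finding dict for every line that trips at least one check."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        path = m.group("path") if m else line
        reasons = []
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append("image in user-writable directory")
        if m and m.group("info").strip() == "x":
            reasons.append("autostart entry points at a missing file")
        filename = path.replace("/", "\\").rsplit("\\", 1)[-1]
        if looks_random(filename):
            reasons.append("machine-generated-looking file name")
        if reasons:
            findings.append({"line": line, "path": path, "reasons": reasons})
    return findings


# Constructed sample: lines copied from the ComboFix output quoted above,
# mixed with a known-good Broadcom driver entry as a control.
SAMPLE_LOG = r"""
R2 PIPIStartSvr;PIPIStartSvr;c:\program files\pipi\PIPIStartSvr.exe [x]
R3 B-Service;B-Service;c:\users\Liu\AppData\Roaming\Mikogo\B-Service.exe [2011-05-09 185640]
R3 GarenaPEngine;GarenaPEngine;c:\users\Liu\AppData\Local\Temp\EFU70A1.tmp [x]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]
c:\windows\system32\detoured.dll
c:\windows\system32\drivers\kbiwkmtjmdypew.sys
""".splitlines()


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["path"])
        for reason in finding["reasons"]:
            print("    -", reason)
```

Run it against a saved ComboFix log with `triage(open("ComboFix.txt").read().splitlines())`. The B-Service hit shows the trade-off: Mikogo is a legitimate screen-sharing tool that simply installs under AppData, so the user-writable check is a prompt to confirm provenance, not a detection on its own.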

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:48 PM

Posted 06 July 2011 - 07:38 PM

Nothing obvious there, so let's check for rootkit activity.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#14 heretic_guy

heretic_guy
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:48 AM

Posted 06 July 2011 - 08:09 PM

Wow, the scan was really quick for a change.


aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-07 11:07:14
-----------------------------
11:07:14.600 OS Version: Windows 6.0.6000
11:07:14.600 Number of processors: 2 586 0xF0B
11:07:14.601 ComputerName: LIU-PC UserName: Liu
11:07:15.338 Initialize success
11:07:32.569 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
11:07:32.571 Disk 0 Vendor: WDC_WD1200BEVS-75UST0 01.01A01 Size: 114473MB BusType: 3
11:07:34.597 Disk 0 MBR read successfully
11:07:34.599 Disk 0 MBR scan
11:07:34.601 Disk 0 unknown MBR code
11:07:36.604 Disk 0 scanning sectors +234438656
11:07:36.640 Disk 0 scanning C:\Windows\system32\drivers
11:07:44.114 Service scanning
11:07:45.816 Disk 0 trace - called modules:
11:07:45.870 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys PCIIDEX.SYS atapi.sys
11:07:45.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854a3ad8]
11:07:45.872 3 ntkrnlpa.exe[828b07e2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x85421030]
11:07:45.872 Scan finished successfully
11:08:27.508 Disk 0 MBR has been saved successfully to "C:\Users\Liu\Desktop\MBR.dat"
11:08:27.509 The log file has been saved successfully to "C:\Users\Liu\Desktop\aswMBR.txt"
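The aswMBR run above reports "unknown MBR code" and saves the raw sector to MBR.dat. "Unknown" only means the bootstrap did not match a fingerprint aswMBR knows; the way to settle it is to parse the saved sector yourself and compare its boot code with a copy from a clean machine of the same Windows build. The script below is an added example for this thread, not part of the original posts and not aswMBR's or MBRCheck's code. It decodes the 512-byte sector, lists the partition table, hashes the 440-byte bootstrap and raises warnings for the things a responder checks. All sample data is constructed; the known-good hash is derived from the sample itself and is not a real Vista boot-sector fingerprint, and the disk size is taken from the 114473 MB line above as an assumption.

```python
"""Inspect a raw MBR image such as the MBR.dat aswMBR saves to the desktop.

Added example for this thread; it is not part of the original posts and not
aswMBR's or MBRCheck's code. It parses the 512-byte sector, lists the
partition table, and hashes the 440-byte bootstrap so it can be compared with
a copy taken from a clean machine of the same Windows build. Everything
below marked 'constructed' is sample data for the demo, including the
known-good hash, which is derived from the sample rather than from a real
Vista boot sector.
"""
import hashlib
import json
import struct
import sys

SECTOR = 512
BOOTSTRAP_LEN = 440       # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440        # 4-byte NT disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510        # 0x55AA marks a valid sector

PART_TYPES = {0x07: "NTFS/HPFS/exFAT", 0x0C: "FAT32 LBA",
              0x27: "hidden NTFS (Windows RE)", 0xDE: "Dell utility",
              0xEE: "GPT protective"}


def parse_partitions(sector):
    """Decode the four partition entries, skipping empty ones."""
    parts = []
    for i in range(4):
        boot, _chs0, ptype, _chs1, lba, size = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "active": boot == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown 0x%02X" % ptype),
                      "lba_start": lba, "sectors": size})
    return parts


def inspect_mbr(sector, known_good_sha256=None, disk_sectors=None):
    """Return a report dict; 'warnings' lists anything a responder should chase."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    report = {
        "signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "disk_signature": "%08X" % struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "partitions": parse_partitions(sector),
        "warnings": [],
    }
    warn = report["warnings"].append
    if not report["signature_ok"]:
        warn("missing 0x55AA boot signature")
    active = [p for p in report["partitions"] if p["active"]]
    if len(active) != 1:
        warn("%d active partitions (expected 1)" % len(active))
    if disk_sectors is not None:
        for p in report["partitions"]:
            if p["lba_start"] + p["sectors"] > disk_sectors:
                warn("partition %d extends past end of disk" % p["index"])
    if known_good_sha256 is not None and report["bootstrap_sha256"] != known_good_sha256:
        warn("bootstrap code differs from known-good copy")
    return report


def build_sample_mbr(bootstrap, disk_sig, partitions, signature=b"\x55\xAA"):
    """Assemble a sector from parts (constructed data for the demo and tests)."""
    sector = bytearray(SECTOR)
    sector[:BOOTSTRAP_LEN] = bootstrap[:BOOTSTRAP_LEN].ljust(BOOTSTRAP_LEN, b"\x00")
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, lba, size) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\xFE\xFF\xFF",
                         ptype, b"\xFE\xFF\xFF", lba, size)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = signature
    return bytes(sector)


# Constructed sample. The disk size is derived from the 114473 MB reported by
# aswMBR above (114473 * 2048 sectors); the layout is a plausible Dell/Vista
# one, not the poster's actual partition table.
DISK_SECTORS = 114473 * 2048
CLEAN_BOOTSTRAP = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"   # stand-in boot code, constructed
KNOWN_GOOD_SHA256 = hashlib.sha256(CLEAN_BOOTSTRAP.ljust(BOOTSTRAP_LEN, b"\x00")).hexdigest()
SAMPLE_PARTITIONS = [(False, 0xDE, 63, 160650),
                     (True, 0x07, 160713, 234279936)]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:      # e.g. MBR.dat from aswMBR
            data = fh.read(SECTOR)
    else:
        data = build_sample_mbr(CLEAN_BOOTSTRAP, 0x1234ABCD, SAMPLE_PARTITIONS)
    print(json.dumps(inspect_mbr(data, KNOWN_GOOD_SHA256, DISK_SECTORS), indent=2))
```

Usage: `python inspect_mbr.py MBR.dat` prints the report for the sector aswMBR saved; with no argument it runs on the constructed sample. For a real comparison, replace KNOWN_GOOD_SHA256 with the hash of bytes 0..439 of a boot sector from a clean machine of the same Windows release, since the bootstrap differs between XP, Vista and 7 and is overwritten by bootkits that hook the boot path.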

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:48 PM

Posted 07 July 2011 - 04:43 PM

Can you next run MBRCheck? This will be quick too!

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE
