
VERY SERIOUS! Infected with srvcli.dll bad image error!


  • This topic is locked
127 replies to this topic

#1 rody

Posted 03 July 2011 - 01:33 PM

Hi guys, I am going crazy soon. Have scanned with many programs.


It is my bro's computer, and I am helping him to give it a look.


PROBLEMS HE TOLD ME:
1. There is no sound from the laptop (disk volume error i think).
2. c:\windows/system32/srvcli.dll error (pls see attached)
3. MSNMSGR.exe - bad image error (what he told me, but I didn't see it YET)
4. Windows Media Player (pls see attached) - Most of the background is black. Images became a blank square with an 'x' on each of them. Looks out of place. I have never seen such a thing before until he showed me.




1. DDS LOG
Regarding the DDS program, it took me more than 3 minutes to get the report. About 30 mins or less. HOWEVER, the virus stopped me from saving the TWO text files. When I clicked 'save as', 2 boxes appeared. I closed the 2 boxes and I tried to save again. BUT, even tho I have clicked save, the 2 text files CANNOT be found on desktop, or other folder (I tried saving to a folder). I don't know why.


Is it ok if I post the TWO text files here?



2. GMER LOG
The affected laptop, from what I have checked, is a Windows 7 Home Premium, System Type is 64-bit operating system. So I guess, there is no need for a GMER LOG then?


3. AVG Anti Virus Free

I have scanned the computer with this program, and it detected 13 affected files (pls see attached, virus1.jpg). I forgot to do the settings, hence the program moved the affected files to the virus vault right away. I noticed that most of the affected files are actually DOCUMENT files, and I thought they might be important to keep (after all, it is not my computer). What I did was, I actually restored the affected files back. My INTENTION is to open those affected documents and copy and paste the info from each affected document to a NEW document and save them in a different name! And later, run the scan again and delete the affected files. HOWEVER, after I restored the 13 affected files, I can't find those files in the designated folders anymore! (NOTE: After I click 'restore', AVG pops out boxes that say these files will be blocked or sth. I'm not sure) Is there any way to get those files back?

Later, I uninstalled AVG, and decided to try on other virus scanners like Panda Antivirus Pro 2012. (BUT the srvcli.dll bad image error box pops out whenever I try to run this program so I didn't manage to use it)



Any help is GREATLY APPRECIATED. I have done what I can do to help my brother. I really have no idea what to do now! I used to have viruses or trojans in my lappy but I have not encountered things like that (srvcli.dll bad image, windows media player turning black, no sound from lappy.... oh dear.).

Please help! Thank you!

I have more attached to show, but I can't seem to upload anymore?


MORE UPDATES:
1. Looks like there is really NO sound even tho I have maxed the volume. I tested on YouTube.

2. I can't run the program Spybot Search And Destroy. The srvcli.dll bad image box pops out when I tried to open it.

3. Anyway, while uploading stuff, the icons of each app are black (black squares).



THE FOLLOWING ARE THE TWO TEXT FILES FROM THE DDS LOG:


1. DDS TEXT FILE

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by KC at 1:14:57 on 2011-07-04
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.4095.1529 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Panda Antivirus Pro 2012 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Panda Antivirus Pro 2012 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
svchost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
D:\PPS.tv\PPStream\PPSAP.exe
svchost.exe
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\easyMule\emule.exe
C:\Users\KC\AppData\Local\MediaGet2\mediaget.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
D:\PPS.tv\PPStream\PPStream.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\DllHost.exe
svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Users\KC\Desktop\stinger10.2.0.146.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = ${URL_SEARCHPAGE}
uDefault_Page_URL = hxxp://asus.msn.com
mSearch Page = ${URL_SEARCHPAGE}
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mWinlogon: Userinit=userinit.exe
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [PPS Accelerator] D:\PPS.tv\PPStream\ppsap.exe
uRun: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
uRun: [eMuleAutoStart] C:\Program Files (x86)\easyMule\eMule.exe -AutoStart
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
uRun: [MediaGet2] C:\Users\KC\AppData\Local\MediaGet2\mediaget.exe --minimized
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe"
StartupFolder: C:\Users\KC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PPS.lnk - D:\PPS.tv\PPStream\PPStream.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: &使用FLVCD下载 - C:\Program Files\flvcd\flvcd_href.htm
IE: &使用FLVCD下载本页视频 - C:\Program Files\flvcd\flvcd_link.htm
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download by easyMule - C:\Program Files (x86)\easyMule\IE2EM.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\KC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\KC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: QQ - C:\Program Files (x86)\Tencent\QQIntl\Bin\AddEmotion.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78
TCP: Interfaces\{E7C972D3-5CF2-49AE-B7DA-C9821B34CD32} : DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78
TCP: Interfaces\{E7C972D3-5CF2-49AE-B7DA-C9821B34CD32}\245727765627B496E676 : DhcpNameServer = 165.21.83.88 165.21.100.88
TCP: Interfaces\{E7C972D3-5CF2-49AE-B7DA-C9821B34CD32}\4505D2C494E4B4F5342334830343 : DhcpNameServer = 218.186.1.58 202.156.1.68
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
BHO-X64: IE2EMBHO Class: {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files (x86)\easyMule\modules\IE2EM.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO-X64: DVDVideoSoftTB - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s
mRun-x64: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=2&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - component: C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFExternalAlert.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCore.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{e6570cd8-9978-4621-b1f9-6a62436f0466}\components\FFExternalAlert.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{e6570cd8-9978-4621-b1f9-6a62436f0466}\components\RadioWMPCore.dll
FF - plugin: C:\Downloads\TVUPlayer\npTVUAx.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\KC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\KC\Downloads\Veetle\Player\npvlc.dll
FF - plugin: C:\Users\KC\Downloads\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Users\KC\Downloads\Veetle\VLCBroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-10-26 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
VBEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
VBSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-07-03 16:18:59 -------- d-----w- C:\Windows\FltMgr
2011-07-03 16:16:26 -------- d-----w- C:\Users\KC\AppData\Local\Panda Security
2011-07-03 16:11:08 30792 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2011-07-03 16:07:30 48136 ----a-w- C:\Windows\System32\drivers\ShldFlt.sys
2011-07-03 16:07:30 -------- d-----w- C:\Program Files (x86)\Common Files\Panda Security
2011-07-03 13:56:31 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2011-07-03 13:31:54 -------- d--h--w- C:\$AVG
2011-07-03 13:09:36 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-07-03 13:09:15 93360 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-07-03 13:02:09 -------- dc-h--w- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2011-07-03 13:01:27 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-07-03 12:41:44 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-03 12:41:42 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-03 12:41:04 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-03 12:40:38 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-03 12:40:38 -------- d-----w- C:\Program Files\AVAST Software
2011-07-03 12:32:04 -------- d-----w- C:\Users\KC\AppData\Roaming\AVG10
2011-07-03 12:25:27 -------- d-----w- C:\Program Files (x86)\AVG
2011-07-01 13:46:11 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65F25D3A-32C8-4076-BD7A-A1ED72CD10BC}\mpengine.dll
2011-06-29 08:56:50 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-06-29 08:56:50 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-06-29 08:56:49 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-29 08:56:49 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-06-29 08:56:49 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-27 16:29:24 -------- d--h--w- C:\ProgramData\Common Files
2011-06-27 16:09:41 -------- d-----w- C:\ProgramData\AVG10
2011-06-27 15:26:45 -------- d-----w- C:\ProgramData\MFAData
2011-06-19 04:40:49 -------- d-----w- C:\Program Files\CCleaner
2011-06-05 10:53:24 -------- d-----w- C:\ProgramData\SonicStage
2011-06-05 10:43:44 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-06-05 10:43:44 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-06-05 10:43:44 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-06-05 10:43:44 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-06-05 10:43:44 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-06-05 10:43:43 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-06-05 10:43:43 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-06-05 10:42:25 -------- d-----w- C:\Windows\SysWow64\Iosubsys
2011-06-05 10:31:00 -------- d-----w- C:\Users\KC\AppData\Roaming\NCH Software
2011-06-05 10:29:56 -------- d-----w- C:\Program Files (x86)\NCH Swift Sound
2011-06-05 09:20:48 110592 ----a-w- C:\Windows\SysWow64\atrac3.acm
2011-06-05 08:37:21 244416 ----a-w- C:\Windows\SysWow64\msflxgrd.ocx
.
==================== Find3M ====================
.
2011-06-18 21:22:56 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2011-06-18 21:22:25 362496 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-18 01:35:46 536576 ----a-w- C:\Windows\System32\Funshion.scr
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
2006-05-03 03:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 04:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 06:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 1:30:20.01 ===============






2. ATTACH TEXT FILE


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 26/11/2009 8:03:08 PM
System Uptime: 3/7/2011 11:19:10 PM (2 hours ago)
.
Motherboard: PEGATRON Corp. | | F83VF
Processor: Intel® Core™2 Duo CPU P8800 @ 2.66GHz | Socket 478 | 773/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 10.467 GiB free.
D: is FIXED (NTFS) - 335 GiB total, 332.42 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771503-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771503-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&C20B1B7&0&0025E7A62B21_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&C20B1B7&0&0025E7A62B21_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771602-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771602-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Link-Layer Topology Discovery Mapper I/O Driver
Device ID: ROOT\LEGACY_LLTDIO\0000
Manufacturer:
Name: Link-Layer Topology Discovery Mapper I/O Driver
PNP Device ID: ROOT\LEGACY_LLTDIO\0000
Service: lltdio
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&C20B1B7&0&0025E7A62B21_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&C20B1B7&0&0025E7A62B21_C00000000
Service:
.
==== System Restore Points ===================
.
RP449: 3/7/2011 7:46:35 PM - Windows Update
RP450: 3/7/2011 8:24:54 PM - Installed AVG 2011
RP451: 3/7/2011 8:25:41 PM - Installed AVG 2011
RP452: 3/7/2011 8:40:00 PM - avast! Free Antivirus Setup
RP453: 3/7/2011 11:11:36 PM - Removed AVG 2011
RP454: 3/7/2011 11:15:43 PM - Removed AVG 2011
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
8BallClub Billiards
Acrobat.com
Actualiza??o do Microsoft Office Excel 2007 Help (KB963678)
Actualiza??o do Microsoft Office Powerpoint 2007 Help (KB963669)
Actualiza??o do Microsoft Office Word 2007 Help (KB963665)
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
Ask Toolbar
ASUS AI Recovery
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_Camera_ScreenSaver
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Atualiza??o do produto Microsoft Office Excel 2007 Help (KB963678)
Atualiza??o do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualiza??o do produto Microsoft Office Word 2007 Help (KB963665)
avast! Free Antivirus
BitTorrent
BOCNET Security Applet 1.5
Bonjour
Cisco Network Magic
Conduit Engine
ControlDeck
Creative Centrale
Creative Software Update
Creative ZEN X-Fi2 Documentation
CyberLink LabelPrint
CyberLink Power2Go
DkZ Studio
DVDVideoSoftTB Toolbar
easyMule
?? Microsoft Office Excel 2007 Help (KB963678)
?? Microsoft Office Powerpoint 2007 Help (KB963669)
?? Microsoft Office Word 2007 Help (KB963665)
Express Burn Disc Burning Software
Express Gate
Facebook Plug-In
Free Studio version 5.0.8
GoldWave v5.55
Google Chrome
Google Update Helper
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
Media Go
MediaGet2 version 2.1.537.0
MediaGet2 version 2.1.716.0
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel 2007 Help ?o?o??′ (KB963678)
Microsoft Office Excel 2007 Help ?D? (KB963678)
Microsoft Office Excel 2007 Help sμ{|? (KB963678)
Microsoft Office Excel 2007 Help Actualizacin (KB963678)
Microsoft Office Excel 2007 Help Gncellettirmesi (KB963678)
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Excel MUI (Chinese (Simplified)) 2007
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Excel MUI (Thai) 2007
Microsoft Office Excel MUI (Turkish) 2007
Microsoft Office Home and Student 2007
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (Arabic) 2007
Microsoft Office OneNote MUI (Chinese (Simplified)) 2007
Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office OneNote MUI (Thai) 2007
Microsoft Office OneNote MUI (Turkish) 2007
Microsoft Office PowerPoint 2007 sμ{|? (KB963669)
Microsoft Office Powerpoint 2007 Help ?o?o??′ (KB963669)
Microsoft Office Powerpoint 2007 Help ?D? (KB963669)
Microsoft Office Powerpoint 2007 Help sμ{|? (KB963669)
Microsoft Office Powerpoint 2007 Help Actualizacin (KB963669)
Microsoft Office Powerpoint 2007 Help Gncellettirmesi (KB963669)
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Thai) 2007
Microsoft Office PowerPoint MUI (Turkish) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Thai) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Proofing (Chinese (Simplified)) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing (Thai) 2007
Microsoft Office Proofing (Turkish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (Chinese (Simplified)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared MUI (Thai) 2007
Microsoft Office Shared MUI (Turkish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 sμ{|? (KB963665)
Microsoft Office Word 2007 Help ?o?o??′ (KB963665)
Microsoft Office Word 2007 Help ?D? (KB963665)
Microsoft Office Word 2007 Help sμ{|? (KB963665)
Microsoft Office Word 2007 Help Actualizacin (KB963665)
Microsoft Office Word 2007 Help Gncellettirmesi (KB963665)
Microsoft Office Word MUI (Arabic) 2007
Microsoft Office Word MUI (Chinese (Simplified)) 2007
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Office Word MUI (Thai) 2007
Microsoft Office Word MUI (Turkish) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIRC
Mise jour Microsoft Office Excel 2007 Help (KB963678)
Mise jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise jour Microsoft Office Word 2007 Help (KB963665)
Mobile Broadband Modem
Mozilla Firefox 5.0 (x86 en-US)
Mp3tag v2.46a
MSVCRT
Network Magic
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Orbit Downloader
Panda Antivirus Pro 2012
Panda Secure Vault 5
PlayStation®Network Downloader
PlayStation®Store
PPS影音 V2.7.0.1208 正式版
PPS游戏 V1.0.1.238
Pure Networks Platform
QuickTime
Realtek High Definition Audio Driver
RelevantKnowledge
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
SpywareBlaster 4.4
TagScanner 5.1.596
Tencent QQ
ToggleEN Toolbar
TVUPlayer 2.5.3.1
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
v2011.build.44
Veetle TV 0.9.17
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.2
Vodafone Mobile Connect Lite Runtime Components
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinFlash
WinRAR archiver
Wireless Console 3
中国银行网上银行安全控件 1.5
硕鼠 0.4.5.16 正式版
.
==== Event Viewer Messages From Past Week ========
.
4/7/2011 12:12:13 AM, Error: Service Control Manager [7030] - The Panda Software Controller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/7/2011 1:08:03 AM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The system cannot find the device specified.
4/7/2011 1:08:03 AM, Error: RasMan [20063] - Remote Access Connection Manager failed to start because the Protocol engine [vpnike.dll] failed to initialize. The system cannot find the device specified.
4/7/2011 1:07:52 AM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The process cannot access the file because it is being used by another process.
4/7/2011 1:07:52 AM, Error: RasMan [20070] - Point to Point Protocol engine was unable to load the C:\Windows\System32\raschap.dll module. The process cannot access the file because it is being used by another process.
4/7/2011 1:07:52 AM, Error: RasMan [20063] - Remote Access Connection Manager failed to start because the Protocol engine [rasppp.dll] failed to initialize. The process cannot access the file because it is being used by another process.
3/7/2011 9:02:40 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/7/2011 7:50:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2478663).
3/7/2011 7:49:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2446708).
3/7/2011 7:42:33 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/7/2011 7:16:45 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
3/7/2011 11:39:08 PM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
3/7/2011 11:22:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
3/7/2011 11:22:58 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/7/2011 11:20:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk ProtectorA
3/7/2011 11:19:39 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
3/7/2011 1:57:08 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Elements.
.
==== End Of File ===========================








That's it.

For now, I'm running the virus scanner - Stinger. (desperate much)

Please help! Thank you! :o :o :cold: :mellow: :angry:

EDIT: Posts merged ~Budapest

Hi, is anyone out there who can help? :mellow: :mellow:


I check this topic a few times every day, but 5 days have passed, and I still don't get any replies....... :cold: :cold:


Is the lappy too messed up or beyond cure? *worry* :cold: :cold: :o :o

EDIT: Please be patient. There are over 300 unanswered topics in this forum at present and the current average wait time to receive help is 9 days. ~Budapest

Edited by Budapest, 10 July 2011 - 05:44 PM.




#2 Orange Blossom


Posted 15 July 2011 - 11:39 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 rody


Posted 15 July 2011 - 03:52 PM

Hi Orange Blossom, thank you for replying. Greatly appreciated. :) Well, that's because this is the first time I've waited this long (12 days) to get a reply on this forum. So I thought this topic might have been overlooked or something. So I was kinda panicked and impatient, and also, I have promised to help my brother to save his laptop. Sorry for my impatience.


1. No, the problem has not been resolved. I have been coming to this thread every day hoping that someone will reply and show me some light. Anyway, the affected laptop has not been in use since July 4th (after I posted the log).


2. I have a problem while saving the Notepad file! (like what I described on July 4th). I tried to save the DDS Notepad file, and a small window popped out with the header: notepad.exe - Bad Image.

The message is C:\Windows\System32\SysWOW64\WindowsCodecs.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administration or the software vendor for support.

Goodness!! It's always this bad image thing!!


The above box will pop out TWICE.

Then later, it will allow me to save. WEIRD.


SYSTEM INFO:
Windows 7 Home Premium.
System Type: 64-bit Operating System



3. No.

4. DDS Scan is successful.

Start of DDS scan: 4.23am
End of DDS scan: 4:33am
Total time taken: 10 minutes.


GMER log is not done because the system is running on 64-bit.



5.

DESCRIPTION OF PROBLEMS: (Please read what I have posted earlier too. And refer to the attached images. Thank you.)


At startup, a small window will ALWAYS pop out with a header: msnmsgr.exe - Bad Image.

The message is: C:\Windows\System32\srvcli.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administration or the software vendor for support.

I will click the X button to close it.



*NEW* (Never seen this message before)
When I open the DDS program, another small window will pop out with a header: GDI+ Window: ApVxdWin.exe - Bad Image.

The message is C:\Windows\System32\SXS.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administration or the software vendor for support.

I will click the X button to close it.




6. Alright.

7. Sure!

8. Will do.


*** I'd be posting in 2 posts because I'm using separate laptops to post this. The next post will be the DDS and Attach log!

*** I have used 496.32K / 512K upload quota, hence I could not upload any more attachments (which is the Attachment.txt log), hence I will post the Attach.txt here instead of zipping and uploading it here. Is that alright?

#4 rody


Posted 15 July 2011 - 04:03 PM

This is the DDS log:




.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by KC at 4:22:57 on 2011-07-16
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.4095.2012 [GMT 8:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Panda Antivirus Pro 2012 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Panda Antivirus Pro 2012 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
D:\PPS.tv\PPStream\PPSAP.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\Program Files (x86)\easyMule\emule.exe
C:\Users\KC\AppData\Local\MediaGet2\mediaget.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
D:\PPS.tv\PPStream\PPStream.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVJOBS.EXE
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = ${URL_SEARCHPAGE}
uDefault_Page_URL = hxxp://asus.msn.com
mSearch Page = ${URL_SEARCHPAGE}
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mWinlogon: Userinit=userinit.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - C:\Program Files (x86)\easyMule\modules\IE2EM.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{776b71e2-b4cc-4c94-bc7c-09103aa690b6}
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [PPS Accelerator] D:\PPS.tv\PPStream\ppsap.exe
uRun: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
uRun: [eMuleAutoStart] C:\Program Files (x86)\easyMule\eMule.exe -AutoStart
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
uRun: [MediaGet2] C:\Users\KC\AppData\Local\MediaGet2\mediaget.exe --minimized
uRunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe"
StartupFolder: C:\Users\KC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PPS.lnk - D:\PPS.tv\PPStream\PPStream.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: &使用FLVCD下载 - C:\Program Files\flvcd\flvcd_href.htm
IE: &使用FLVCD下载本页视频 - C:\Program Files\flvcd\flvcd_link.htm
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download by easyMule - C:\Program Files (x86)\easyMule\IE2EM.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\KC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\KC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: QQ - C:\Program Files (x86)\Tencent\QQIntl\Bin\AddEmotion.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78
TCP: Interfaces\{E7C972D3-5CF2-49AE-B7DA-C9821B34CD32} : DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78
TCP: Interfaces\{E7C972D3-5CF2-49AE-B7DA-C9821B34CD32}\245727765627B496E676 : DhcpNameServer = 165.21.83.88 165.21.100.88
TCP: Interfaces\{E7C972D3-5CF2-49AE-B7DA-C9821B34CD32}\4505D2C494E4B4F5342334830343 : DhcpNameServer = 218.186.1.58 202.156.1.68
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
BHO-X64: IE2EMBHO Class: {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files (x86)\easyMule\modules\IE2EM.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO-X64: DVDVideoSoftTB - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
TB-X64: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s
mRun-x64: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15443&locale=en_US&apn_uid=8C31D010-E9C2-46EE-93DD-2DD773F829F3&apn_ptnrs=GX&apn_sauid=2AC861FF-5EFF-4F16-B236-19F3B5C21533&apn_dtid=YYYYYYB8SG&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - component: C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFExternalAlert.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCore.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{e6570cd8-9978-4621-b1f9-6a62436f0466}\components\FFExternalAlert.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{e6570cd8-9978-4621-b1f9-6a62436f0466}\components\RadioWMPCore.dll
FF - plugin: C:\Downloads\TVUPlayer\npTVUAx.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\KC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\KC\Downloads\Veetle\Player\npvlc.dll
FF - plugin: C:\Users\KC\Downloads\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Users\KC\Downloads\Veetle\VLCBroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
JSEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
VBEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
VBSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-07-03 16:18:59 -------- d-----w- C:\Windows\FltMgr
2011-07-03 16:16:26 -------- d-----w- C:\Users\KC\AppData\Local\Panda Security
2011-07-03 16:11:08 30792 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2011-07-03 16:07:30 48136 ----a-w- C:\Windows\System32\drivers\ShldFlt.sys
2011-07-03 16:07:30 -------- d-----w- C:\Program Files (x86)\Common Files\Panda Security
2011-07-03 13:56:31 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2011-07-03 13:31:54 -------- d--h--w- C:\$AVG
2011-07-03 13:09:36 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-07-03 13:09:15 93360 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-07-03 13:02:09 -------- dc-h--w- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2011-07-03 13:01:27 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-07-03 12:41:44 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-03 12:41:42 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-03 12:41:04 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-03 12:40:38 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-03 12:40:38 -------- d-----w- C:\Program Files\AVAST Software
2011-07-03 12:32:04 -------- d-----w- C:\Users\KC\AppData\Roaming\AVG10
2011-07-03 12:25:27 -------- d-----w- C:\Program Files (x86)\AVG
2011-07-01 13:46:11 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65F25D3A-32C8-4076-BD7A-A1ED72CD10BC}\mpengine.dll
2011-06-29 08:56:50 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-06-29 08:56:50 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-06-29 08:56:49 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-29 08:56:49 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-06-29 08:56:49 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-27 16:29:24 -------- d--h--w- C:\ProgramData\Common Files
2011-06-27 16:09:41 -------- d-----w- C:\ProgramData\AVG10
2011-06-27 15:26:45 -------- d-----w- C:\ProgramData\MFAData
2011-06-19 04:40:49 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M ====================
.
2011-06-18 21:22:56 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2011-06-18 21:22:25 362496 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-18 01:35:46 536576 ----a-w- C:\Windows\System32\Funshion.scr
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
2006-05-03 03:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 04:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 06:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 4:33:14.54 ===============

This is the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 26/11/2009 8:03:08 PM
System Uptime: 16/7/2011 3:55:50 AM (1 hours ago)
.
Motherboard: PEGATRON Corp. | | F83VF
Processor: Intel® Core™2 Duo CPU P8800 @ 2.66GHz | Socket 478 | 773/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 9.76 GiB free.
D: is FIXED (NTFS) - 335 GiB total, 332.42 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771503-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771503-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&C20B1B7&0&0025E7A62B21_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&C20B1B7&0&0025E7A62B21_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771602-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771602-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Link-Layer Topology Discovery Mapper I/O Driver
Device ID: ROOT\LEGACY_LLTDIO\0000
Manufacturer:
Name: Link-Layer Topology Discovery Mapper I/O Driver
PNP Device ID: ROOT\LEGACY_LLTDIO\0000
Service: lltdio
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C12A\7&C20B1B7&0&6C0E0D9810A4_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&C20B1B7&0&0025E7A62B21_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&C20B1B7&0&0025E7A62B21_C00000000
Service:
.
==== System Restore Points ===================
.
RP452: 3/7/2011 8:40:00 PM - avast! Free Antivirus Setup
RP453: 3/7/2011 11:11:36 PM - Removed AVG 2011
RP454: 3/7/2011 11:15:43 PM - Removed AVG 2011
RP455: 4/7/2011 3:00:19 AM - Windows Update
RP456: 4/7/2011 10:27:41 AM - Windows Update
RP457: 5/7/2011 1:04:36 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
8BallClub Billiards
Acrobat.com
Actualiza??o do Microsoft Office Excel 2007 Help (KB963678)
Actualiza??o do Microsoft Office Powerpoint 2007 Help (KB963669)
Actualiza??o do Microsoft Office Word 2007 Help (KB963665)
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
Ask Toolbar
ASUS AI Recovery
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_Camera_ScreenSaver
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Atualiza??o do produto Microsoft Office Excel 2007 Help (KB963678)
Atualiza??o do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualiza??o do produto Microsoft Office Word 2007 Help (KB963665)
avast! Free Antivirus
BitTorrent
BOCNET Security Applet 1.5
Bonjour
Cisco Network Magic
Conduit Engine
ControlDeck
Creative Centrale
Creative Software Update
Creative ZEN X-Fi2 Documentation
CyberLink LabelPrint
CyberLink Power2Go
DkZ Studio
DVDVideoSoftTB Toolbar
easyMule
êí?í? áü Microsoft Office Excel 2007 Help (KB963678)
êí?í? áü Microsoft Office Powerpoint 2007 Help (KB963669)
êí?í? áü Microsoft Office Word 2007 Help (KB963665)
Express Burn Disc Burning Software
Express Gate
Facebook Plug-In
Free Studio version 5.0.8
GoldWave v5.55
Google Chrome
Google Update Helper
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
Media Go
MediaGet2 version 2.1.537.0
MediaGet2 version 2.1.716.0
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel 2007 Help ?o?oí??à′· (KB963678)
Microsoft Office Excel 2007 Help ?üD? (KB963678)
Microsoft Office Excel 2007 Help §ó·sμ{|? (KB963678)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel 2007 Help Güncellettirmesi (KB963678)
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Excel MUI (Chinese (Simplified)) 2007
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Excel MUI (Thai) 2007
Microsoft Office Excel MUI (Turkish) 2007
Microsoft Office Home and Student 2007
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (Arabic) 2007
Microsoft Office OneNote MUI (Chinese (Simplified)) 2007
Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office OneNote MUI (Thai) 2007
Microsoft Office OneNote MUI (Turkish) 2007
Microsoft Office PowerPoint 2007 §ó·sμ{|? (KB963669)
Microsoft Office Powerpoint 2007 Help ?o?oí??à′· (KB963669)
Microsoft Office Powerpoint 2007 Help ?üD? (KB963669)
Microsoft Office Powerpoint 2007 Help §ó·sμ{|? (KB963669)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office Powerpoint 2007 Help Güncellettirmesi (KB963669)
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Thai) 2007
Microsoft Office PowerPoint MUI (Turkish) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Thai) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Proofing (Chinese (Simplified)) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing (Thai) 2007
Microsoft Office Proofing (Turkish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (Chinese (Simplified)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared MUI (Thai) 2007
Microsoft Office Shared MUI (Turkish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 §ó·sμ{|? (KB963665)
Microsoft Office Word 2007 Help ?o?oí??à′· (KB963665)
Microsoft Office Word 2007 Help ?üD? (KB963665)
Microsoft Office Word 2007 Help §ó·sμ{|? (KB963665)
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word 2007 Help Güncellettirmesi (KB963665)
Microsoft Office Word MUI (Arabic) 2007
Microsoft Office Word MUI (Chinese (Simplified)) 2007
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Office Word MUI (Thai) 2007
Microsoft Office Word MUI (Turkish) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIRC
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mobile Broadband Modem
Mozilla Firefox 5.0 (x86 en-US)
Mp3tag v2.46a
MSVCRT
Network Magic
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Orbit Downloader
Panda Antivirus Pro 2012
Panda Secure Vault 5
PlayStation®Network Downloader
PlayStation®Store
PPS影音 V2.7.0.1208 正式版
PPS游戏 V1.0.1.238
Pure Networks Platform
QuickTime
Realtek High Definition Audio Driver
RelevantKnowledge
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
SpywareBlaster 4.4
TagScanner 5.1.596
Tencent QQ
ToggleEN Toolbar
TVUPlayer 2.5.3.1
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
v2011.build.44
Veetle TV 0.9.17
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.2
Vodafone Mobile Connect Lite Runtime Components
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinFlash
WinRAR archiver
Wireless Console 3
中国银行网上银行安全控件 1.5
硕鼠 0.4.5.16 正式版
.
==== Event Viewer Messages From Past Week ========
.
16/7/2011 4:32:29 AM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The system cannot find the device specified.
16/7/2011 4:32:29 AM, Error: RasMan [20063] - Remote Access Connection Manager failed to start because the Protocol engine [vpnike.dll] failed to initialize. The system cannot find the device specified.
16/7/2011 4:01:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
16/7/2011 4:01:34 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/7/2011 3:57:55 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk ProtectorA
16/7/2011 3:57:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pure Networks Platform Service service to connect.
16/7/2011 3:57:30 AM, Error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/7/2011 3:56:31 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
.
==== End Of File ===========================







Thank you!! Looking forward to your reply when I wake up later!!

Note:
The Windows Media Player problem is still the same. (Please see the attachment I posted earlier. Looks disgusting and odd. It is obviously not working.)
There's no sound from YouTube.
Computer is very laggy, having a hard time typing this out. That's why I used another lappy to make the post earlier.
The pop out boxes scare me cuz all of them are about system32, so I guess it must be serious.




*NEW UPDATE*
After I closed all windows (browser, notepad), 2 pop up boxes of the same message appear.

The header is: RunDLL

The message is:
There was a problem starting C:\Windows\System32\inetcpl.cpl
C:\Windows\System32\inetcpl.cpl is not a valid Win32 application.



And each time when i shut down, this message will appear:
Please do not power off or unplug your machine.
Installing update 1 of 6 .......



I think something must be terribly wrong because there can't be so many updates whenever I try to shut the lappy down, isn't it? (It has happened since July 4th because that's the day when I first checked on my bro's lappy. I'm sure this problem has started way before that, he just didn't tell me about it.) And it will take a longgggggg time so I'd leave it on and go to sleep whenever this msg appears.


Sigh.

Edited by rody, 15 July 2011 - 04:14 PM.


#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:39 AM

Posted 17 July 2011 - 08:22 AM

Hi rody,

Apologies for the delay. I'll be assisting you with this issue.

  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open; copy and paste OTL.txt and attach Extra.txt to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#6 rody


Posted 17 July 2011 - 11:49 AM

Hi Farbar, thank you for the assistance and time!

TDSSKiller Log: (it did not ask me to reboot the com, the scan took very fast to complete. It detected 1 suspicious object from: C:\Windows\system32\Drivers\sptd.sys) (I printscreen it down)


2011/07/17 23:52:54.0456 6044 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/17 23:52:55.0881 6044 ================================================================================
2011/07/17 23:52:55.0881 6044 SystemInfo:
2011/07/17 23:52:55.0881 6044
2011/07/17 23:52:55.0881 6044 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/17 23:52:55.0881 6044 Product type: Workstation
2011/07/17 23:52:55.0881 6044 ComputerName: KC-PC
2011/07/17 23:52:55.0881 6044 UserName: KC
2011/07/17 23:52:55.0881 6044 Windows directory: C:\Windows
2011/07/17 23:52:55.0881 6044 System windows directory: C:\Windows
2011/07/17 23:52:55.0881 6044 Running under WOW64
2011/07/17 23:52:55.0881 6044 Processor architecture: Intel x64
2011/07/17 23:52:55.0881 6044 Number of processors: 2
2011/07/17 23:52:55.0881 6044 Page size: 0x1000
2011/07/17 23:52:55.0881 6044 Boot type: Normal boot
2011/07/17 23:52:55.0881 6044 ================================================================================
2011/07/17 23:52:58.0463 6044 Initialize success
2011/07/17 23:53:13.0357 3676 ================================================================================
2011/07/17 23:53:13.0367 3676 Scan started
2011/07/17 23:53:13.0368 3676 Mode: Manual;
2011/07/17 23:53:13.0368 3676 ================================================================================
2011/07/17 23:53:14.0371 3676 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS

\1394ohci.sys
2011/07/17 23:53:14.0655 3676 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/17 23:53:15.0084 3676 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/17 23:53:15.0212 3676 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/17 23:53:15.0411 3676 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/17 23:53:15.0561 3676 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/17 23:53:15.0723 3676 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/17 23:53:15.0863 3676 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/17 23:53:16.0023 3676 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/17 23:53:16.0173 3676 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/17 23:53:16.0355 3676 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/17 23:53:16.0563 3676 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/17 23:53:16.0697 3676 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/07/17 23:53:16.0817 3676 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/17 23:53:18.0455 3676 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/07/17 23:53:18.0551 3676 AmFSM (71336e77f98a65efaaeb950902611d3f) C:\Windows\system32\DRIVERS\amm6460.sys
2011/07/17 23:53:18.0685 3676 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/17 23:53:18.0915 3676 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/17 23:53:19.0005 3676 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/17 23:53:19.0085 3676 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
2011/07/17 23:53:19.0208 3676 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
2011/07/17 23:53:19.0469 3676 aswFsBlk (f1dbe3d02ffcdee5246f29b0ecebe6e0) C:\Windows\system32\drivers

\aswFsBlk.sys
2011/07/17 23:53:19.0773 3676 aswMonFlt (f3e75dd1bcc358fb4629357ad09e7c84) C:\Windows\system32\drivers

\aswMonFlt.sys
2011/07/17 23:53:21.0091 3676 aswRdr (fccbdc045dc12afd1508205117e7ed11) C:\Windows\system32\drivers\aswRdr.sys
2011/07/17 23:53:21.0210 3676 aswSnx (5824dca602a0a30e866bc2ac98c6d970) C:\Windows\system32\drivers\aswSnx.sys
2011/07/17 23:53:21.0581 3676 aswSP (af07b4bef920f90205148f3a05e2974c) C:\Windows\system32\drivers\aswSP.sys
2011/07/17 23:53:22.0865 3676 aswTdi (a3eca5af3b4823a523c285a8df0f9e4f) C:\Windows\system32\drivers\aswTdi.sys
2011/07/17 23:53:23.0333 3676 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS

\asyncmac.sys
2011/07/17 23:53:23.0485 3676 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/17 23:53:23.0627 3676 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
2011/07/17 23:53:24.0033 3676 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/17 23:53:25.0321 3676 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS

\b57nd60a.sys
2011/07/17 23:53:25.0875 3676 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/17 23:53:26.0098 3676 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS

\blbdrive.sys
2011/07/17 23:53:26.0180 3676 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/17 23:53:26.0330 3676 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS

\BrFiltLo.sys
2011/07/17 23:53:26.0380 3676 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS

\BrFiltUp.sys
2011/07/17 23:53:26.0440 3676 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/17 23:53:26.0503 3676 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers

\BrSerWdm.sys
2011/07/17 23:53:26.0582 3676 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers

\BrUsbMdm.sys
2011/07/17 23:53:26.0622 3676 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers

\BrUsbSer.sys
2011/07/17 23:53:27.0042 3676 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/07/17 23:53:27.0169 3676 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS

\bthmodem.sys
2011/07/17 23:53:27.0265 3676 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/17 23:53:27.0454 3676 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
2011/07/17 23:53:27.0716 3676 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
2011/07/17 23:53:27.0816 3676 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers

\btwaudio.sys
2011/07/17 23:53:29.0138 3676 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/07/17 23:53:30.0642 3676 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS

\btwl2cap.sys
2011/07/17 23:53:30.0820 3676 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS

\btwrchid.sys
2011/07/17 23:53:31.0076 3676 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/17 23:53:31.0312 3676 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/17 23:53:31.0539 3676 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS

\circlass.sys
2011/07/17 23:53:31.0786 3676 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/17 23:53:31.0978 3676 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/17 23:53:32.0035 3676 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/17 23:53:32.0130 3676 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/17 23:53:32.0272 3676 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS

\compbatt.sys
2011/07/17 23:53:32.0374 3676 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS

\CompositeBus.sys
2011/07/17 23:53:32.0484 3676 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/17 23:53:32.0768 3676 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/07/17 23:53:32.0880 3676 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers

\discache.sys
2011/07/17 23:53:32.0969 3676 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/17 23:53:33.0129 3676 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/17 23:53:33.0282 3676 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/17 23:53:33.0886 3676 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/17 23:53:34.0552 3676 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/17 23:53:35.0136 3676 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/17 23:53:35.0538 3676 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/17 23:53:35.0640 3676 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/17 23:53:35.0800 3676 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/17 23:53:36.0076 3676 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers

\fileinfo.sys
2011/07/17 23:53:36.0131 3676 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers

\filetrace.sys
2011/07/17 23:53:36.0198 3676 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS

\flpydisk.sys
2011/07/17 23:53:36.0300 3676 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/17 23:53:36.0432 3676 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers

\FsDepends.sys
2011/07/17 23:53:36.0562 3676 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/17 23:53:36.0644 3676 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/17 23:53:36.0756 3676 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/17 23:53:37.0358 3676 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS

\gagp30kx.sys
2011/07/17 23:53:37.0473 3676 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS

\GEARAspiWDM.sys
2011/07/17 23:53:37.0740 3676 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers

\hcw85cir.sys
2011/07/17 23:53:37.0912 3676 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/17 23:53:38.0064 3676 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS

\HDAudBus.sys
2011/07/17 23:53:38.0426 3676 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/17 23:53:38.0508 3676 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/17 23:53:38.0558 3676 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/17 23:53:38.0716 3676 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/17 23:53:38.0887 3676 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/17 23:53:39.0026 3676 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/17 23:53:39.0152 3676 hwdatacard (8f9b0fc4ec3a8194bd4cbc5ed3e7abeb) C:\Windows\system32\DRIVERS

\ewusbmdm.sys
2011/07/17 23:53:39.0385 3676 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers

\hwpolicy.sys
2011/07/17 23:53:39.0546 3676 hwusbdev (230c041af8df1d2308c3ac5146e3ff4f) C:\Windows\system32\DRIVERS

\ewusbdev.sys
2011/07/17 23:53:39.0861 3676 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS

\i8042prt.sys
2011/07/17 23:53:39.0933 3676 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/17 23:53:40.0035 3676 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/07/17 23:53:41.0309 3676 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/17 23:53:42.0639 3676 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers

\RTKVHD64.sys
2011/07/17 23:53:42.0951 3676 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS

\intelide.sys
2011/07/17 23:53:43.0060 3676 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS

\intelppm.sys
2011/07/17 23:53:43.0977 3676 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS

\ipfltdrv.sys
2011/07/17 23:53:45.0821 3676 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/17 23:53:45.0901 3676 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/17 23:53:47.0795 3676 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/17 23:53:47.0855 3676 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/17 23:53:47.0905 3676 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/17 23:53:47.0975 3676 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS

\kbdclass.sys
2011/07/17 23:53:48.0035 3676 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/17 23:53:48.0145 3676 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/07/17 23:53:48.0247 3676 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/17 23:53:48.0327 3676 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/17 23:53:48.0427 3676 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/17 23:53:48.0599 3676 L1C (01c711667abedf8148998f3ac91991db) C:\Windows\system32\DRIVERS

\L1C62x64.sys
2011/07/17 23:53:48.0739 3676 Lbd (a352cdb69af6e18d60c0001d540d8478) C:\Windows\system32\DRIVERS\Lbd.sys
2011/07/17 23:53:48.0911 3676 lltdio (1165dbebb0b8e291fdc3d50312041685) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/17 23:53:49.0011 3676 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/17 23:53:49.0071 3676 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/17 23:53:49.0151 3676 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS

\lsi_sas2.sys
2011/07/17 23:53:49.0263 3676 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS

\lsi_scsi.sys
2011/07/17 23:53:49.0453 3676 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/17 23:53:49.0533 3676 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
2011/07/17 23:53:49.0603 3676 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/17 23:53:49.0693 3676 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/17 23:53:50.0889 3676 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/17 23:53:50.0949 3676 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/17 23:53:51.0029 3676 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS

\mouclass.sys
2011/07/17 23:53:51.0119 3676 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/17 23:53:51.0159 3676 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers

\mountmgr.sys
2011/07/17 23:53:51.0189 3676 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/17 23:53:51.0229 3676 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/17 23:53:51.0329 3676 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/17 23:53:51.0409 3676 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/17 23:53:51.0489 3676 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS

\mrxsmb10.sys
2011/07/17 23:53:51.0593 3676 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS

\mrxsmb20.sys
2011/07/17 23:53:51.0693 3676 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/17 23:53:51.0773 3676 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/17 23:53:51.0863 3676 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/17 23:53:51.0903 3676 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers

\mshidkmdf.sys
2011/07/17 23:53:51.0953 3676 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS

\msisadrv.sys
2011/07/17 23:53:52.0042 3676 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/17 23:53:52.0106 3676 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers

\MSPCLOCK.sys
2011/07/17 23:53:52.0146 3676 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/17 23:53:52.0186 3676 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/17 23:53:52.0246 3676 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS

\mssmbios.sys
2011/07/17 23:53:52.0398 3676 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/17 23:53:52.0468 3676 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS

\MTConfig.sys
2011/07/17 23:53:52.0568 3676 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS

\ATK64AMD.sys
2011/07/17 23:53:52.0668 3676 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/17 23:53:52.0878 3676 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/17 23:53:53.0030 3676 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/17 23:53:53.0232 3676 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/17 23:53:53.0322 3676 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS

\ndistapi.sys
2011/07/17 23:53:53.0402 3676 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/17 23:53:53.0492 3676 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/17 23:53:53.0602 3676 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/17 23:53:53.0742 3676 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/17 23:53:53.0812 3676 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/17 23:53:54.0214 3676 NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS

\NETw1v64.sys
2011/07/17 23:53:56.0518 3676 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/17 23:53:56.0698 3676 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/17 23:53:56.0790 3676 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers

\nsiproxy.sys
2011/07/17 23:53:56.0910 3676 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/07/17 23:53:58.0264 3676 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/17 23:53:58.0344 3676 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers

\nvhda64v.sys
2011/07/17 23:53:58.0878 3676 nvlddmkm (0d3f6e25c658530a2ad4b648849f1483) C:\Windows\system32\DRIVERS

\nvlddmkm.sys
2011/07/17 23:53:59.0810 3676 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/07/17 23:53:59.0880 3676 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/07/17 23:54:00.0070 3676 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/17 23:54:00.0210 3676 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS

\ohci1394.sys
2011/07/17 23:54:00.0432 3676 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/17 23:54:00.0512 3676 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/17 23:54:00.0664 3676 pavboot (337a81b3ff34f9851d245d42a725fc22) C:\Windows\system32\Drivers

\pavboot64.sys
2011/07/17 23:54:01.0024 3676 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/17 23:54:01.0094 3676 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/17 23:54:01.0174 3676 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/17 23:54:01.0254 3676 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/17 23:54:01.0369 3676 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/17 23:54:01.0640 3676 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
2011/07/17 23:54:01.0962 3676 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/17 23:54:02.0022 3676 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS

\processr.sys
2011/07/17 23:54:02.0322 3676 ProtectorA (f4dd1a2904fc616e2cc603b4dbcd1b29) C:\Windows\syswow64\drivers

\ProtectorA.sys
2011/07/17 23:54:02.0484 3676 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/17 23:54:02.0684 3676 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS

\purendis.sys
2011/07/17 23:54:02.0844 3676 PxHlpa64 (5d6c8e778f0218fcd2cca0efbc9766ca) C:\Windows\system32\Drivers

\PxHlpa64.sys
2011/07/17 23:54:02.0976 3676 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/17 23:54:04.0732 3676 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/17 23:54:06.0300 3676 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers

\qwavedrv.sys
2011/07/17 23:54:06.0372 3676 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/17 23:54:06.0462 3676 RasAgileVpn (43fb98774bf87639424e002a0cdf6201) C:\Windows\system32\DRIVERS

\AgileVpn.sys
2011/07/17 23:54:06.0574 3676 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/17 23:54:06.0656 3676 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS

\raspppoe.sys
2011/07/17 23:54:06.0716 3676 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/17 23:54:06.0756 3676 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/17 23:54:06.0816 3676 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/17 23:54:06.0886 3676 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/17 23:54:06.0966 3676 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers

\rdpencdd.sys
2011/07/17 23:54:07.0036 3676 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers

\rdprefmp.sys
2011/07/17 23:54:07.0106 3676 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/17 23:54:07.0206 3676 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers

\rdyboost.sys
2011/07/17 23:54:07.0368 3676 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/17 23:54:07.0780 3676 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/17 23:54:07.0910 3676 s1018bus (301fba4594fb5c0a469299a65106b4aa) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/07/17 23:54:08.0000 3676 s1018mdfl (d1d7c744f79710357e60fc04d125ed01) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/07/17 23:54:08.0080 3676 s1018mdm (7dbe12cccd837d4266b2ddd80a329c09) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/07/17 23:54:08.0270 3676 s1018mgmt (065ff5e62d2d18a6d93fd925546cd549) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/07/17 23:54:08.0410 3676 s1018nd5 (5101d815bdf0d667e3d5f0ea727caaee) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/07/17 23:54:08.0490 3676 s1018obex (13f220c65b444ac9bda49dacfc3230bb) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/07/17 23:54:08.0590 3676 s1018unic (ce7d8bce80211d8a35f6bd7a87791860) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/07/17 23:54:08.0772 3676 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/17 23:54:08.0902 3676 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/17 23:54:09.0022 3676 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/17 23:54:09.0152 3676 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/17 23:54:09.0242 3676 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/17 23:54:09.0322 3676 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/17 23:54:09.0474 3676 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/17 23:54:09.0556 3676 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/17 23:54:09.0626 3676 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/17 23:54:09.0816 3676 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/17 23:54:10.0048 3676 ShldFlt (03639a3b26aa808bae79d89fdb4b151c) C:\Windows\system32\DRIVERS\ShldFlt.sys
2011/07/17 23:54:10.0168 3676 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
2011/07/17 23:54:10.0258 3676 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/17 23:54:10.0338 3676 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/17 23:54:10.0480 3676 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/17 23:54:10.0792 3676 SNP2UVC (2d280b5799f9c143fa7d49e032fbce46) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/07/17 23:54:11.0076 3676 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/17 23:54:11.0308 3676 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
2011/07/17 23:54:11.0318 3676 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
2011/07/17 23:54:11.0338 3676 sptd - detected LockedFile.Multi.Generic (1)
2011/07/17 23:54:11.0498 3676 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/07/17 23:54:12.0808 3676 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/17 23:54:12.0868 3676 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/17 23:54:13.0080 3676 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/17 23:54:13.0160 3676 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/17 23:54:13.0350 3676 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/17 23:54:13.0652 3676 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/07/17 23:54:14.0920 3676 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/17 23:54:15.0032 3676 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/17 23:54:15.0144 3676 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/17 23:54:15.0364 3676 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/17 23:54:15.0574 3676 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/17 23:54:15.0756 3676 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/17 23:54:16.0264 3676 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/17 23:54:16.0504 3676 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/17 23:54:17.0778 3676 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/17 23:54:17.0910 3676 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/17 23:54:18.0372 3676 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/17 23:54:18.0502 3676 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/17 23:54:18.0592 3676 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/17 23:54:18.0774 3676 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
2011/07/17 23:54:18.0849 3676 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/17 23:54:18.0996 3676 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/17 23:54:19.0088 3676 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/17 23:54:19.0168 3676 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/17 23:54:19.0382 3676 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/07/17 23:54:19.0572 3676 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/17 23:54:19.0714 3676 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/17 23:54:19.0866 3676 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/17 23:54:20.0078 3676 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/17 23:54:20.0253 3676 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/17 23:54:20.0423 3676 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/17 23:54:20.0545 3676 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/17 23:54:20.0613 3676 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/17 23:54:20.0667 3676 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/17 23:54:20.0899 3676 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/17 23:54:21.0019 3676 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/17 23:54:21.0975 3676 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/17 23:54:22.0253 3676 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/17 23:54:22.0413 3676 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/17 23:54:22.0575 3676 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/17 23:54:22.0727 3676 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/17 23:54:22.0816 3676 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/17 23:54:22.0869 3676 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/17 23:54:23.0221 3676 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/17 23:54:24.0495 3676 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/17 23:54:24.0847 3676 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/17 23:54:25.0017 3676 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/07/17 23:54:25.0117 3676 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/17 23:54:25.0479 3676 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/17 23:54:25.0793 3676 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/17 23:54:26.0609 3676 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/17 23:54:27.0133 3676 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/17 23:54:27.0323 3676 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/17 23:54:27.0655 3676 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/17 23:54:27.0687 3676 Boot (0x1200) (1a47fc328ee83bf52873a5905805435f) \Device\Harddisk0\DR0\Partition0
2011/07/17 23:54:27.0727 3676 Boot (0x1200) (58774eaf1b790e293144b4a0134016c9) \Device\Harddisk0\DR0\Partition1
2011/07/17 23:54:27.0737 3676 ================================================================================
2011/07/17 23:54:27.0737 3676 Scan finished
2011/07/17 23:54:27.0737 3676 ================================================================================
2011/07/17 23:54:27.0757 1188 Detected object count: 1
2011/07/17 23:54:27.0757 1188 Actual detected object count: 1
2011/07/17 23:55:28.0761 1188 LockedFile.Multi.Generic(sptd) - User select action: Skip





OTL Log File:
OTL logfile created on: 7/18/2011 12:02:59 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\KC\Desktop\VIRUS STUFFS
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

4.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 40.84% Memory free
8.00 Gb Paging File | 5.31 Gb Available in Paging File | 66.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 9.66 Gb Free Space | 8.29% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 332.42 Gb Free Space | 99.33% Space Free | Partition Type: NTFS

Computer Name: KC-PC | User Name: KC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 00:00:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\KC\Desktop\VIRUS STUFFS\OTL.exe
PRC - [2011/07/08 18:11:32 | 008,012,008 | ---- | M] (MediaGet LLC) -- C:\Users\KC\AppData\Local\MediaGet2\mediaget.exe
PRC - [2011/07/03 21:04:22 | 000,789,392 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/07/03 21:04:19 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/10 20:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 20:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/14 22:07:56 | 000,173,888 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe
PRC - [2011/04/13 23:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
PRC - [2011/03/17 12:42:46 | 007,594,456 | ---- | M] (http://www.verycd.com) -- C:\Program Files (x86)\easyMule\emule.exe
PRC - [2010/12/29 16:43:40 | 005,419,912 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPStream.exe
PRC - [2010/10/20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
PRC - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\psksvc.exe
PRC - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
PRC - [2010/05/28 13:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
PRC - [2010/04/22 18:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe
PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- D:\PPS.tv\PPStream\PPSAP.exe
PRC - [2009/10/26 23:05:23 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe
PRC - [2009/07/25 01:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/07/24 08:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
PRC - [2009/07/23 08:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/07/18 11:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/07/17 01:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/07/08 02:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/07/02 09:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/06/25 03:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/20 01:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/20 01:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 08:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/19 06:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/21 02:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/04/07 16:37:30 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/23 08:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 12:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 11:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/07/19 10:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
PRC - [2008/03/31 17:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2007/12/01 02:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 15:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/05/29 00:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/07/18 00:00:32 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\KC\Desktop\VIRUS STUFFS\OTL.exe
MOD - [2011/05/10 20:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 13:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/06/21 17:01:48 | 000,546,624 | ---- | M] (Panda Security, S.L.) -- C:\Windows\SysWOW64\PavSHookWow.dll
MOD - [2009/08/10 13:46:20 | 000,025,344 | ---- | M] (Panda Security, S.L.) -- C:\Windows\SysWOW64\sysHelper32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 20:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/11/11 14:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 14:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 13:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/09/16 04:21:58 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 09:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007/08/08 15:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/07/03 21:04:19 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/14 22:07:56 | 000,173,888 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe -- (TPSrv)
SRV - [2010/10/20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/07/24 08:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent)
SRV - [2009/06/16 08:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/05/21 19:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/03/31 17:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2007/05/29 00:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 19:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/04/17 14:26:15 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/11 14:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/22 18:20:18 | 000,030,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2010/05/21 13:50:50 | 000,065,608 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
DRV:64bit: - [2009/10/27 12:07:42 | 000,048,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ShldFlt.sys -- (ShldFlt)
DRV:64bit: - [2009/09/23 20:55:23 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/10 18:52:05 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel®
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/24 15:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/07/21 01:48:31 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/21 01:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 12:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 12:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 12:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 11:53:45 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/27 04:25:09 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/20 10:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/19 03:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 04:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:35 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/20 16:11:05 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 17:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 15:33:08 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/04/07 15:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/04/07 15:33:06 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/03/25 23:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009/03/25 23:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009/03/25 23:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009/03/25 23:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009/03/25 23:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV:64bit: - [2009/03/25 23:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009/03/25 23:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008/05/24 08:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/25 02:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/18 02:00:00 | 000,052,760 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/11/26 16:28:46 | 000,017,288 | ---- | M] (www.ISRA.org.cn) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\ProtectorA.sys -- (ProtectorA)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
IE - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "http://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.326.1
FF - prefs.js..extensions.enabledItems: {e6570cd8-9978-4621-b1f9-6a62436f0466}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {038cb5c7-48ea-4af9-94e0-a1646542e62b}:2.7.2.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.5809
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15443&locale=en_US&apn_uid=8C31D010-E9C2-46EE-93DD-2DD773F829F3&apn_ptnrs=GX&apn_sauid=2AC861FF-5EFF-4F16-B236-19F3B5C21533&apn_dtid=YYYYYYB8SG&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Downloads\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Users\KC\Downloads\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Users\KC\Downloads\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Users\KC\Downloads\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\KC\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge [2010/12/25 18:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/03 20:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2011/06/19 01:12:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins

[2009/11/26 22:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KC\AppData\Roaming\Mozilla\Extensions
[2011/06/26 18:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions
[2011/06/26 18:54:09 | 000,000,000 | ---D | M] (ToggleEN Community Toolbar) -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[2011/06/26 18:54:11 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/07 23:18:44 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/26 18:54:13 | 000,000,000 | ---D | M] (Softonic VLC EN Community Toolbar) -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{e6570cd8-9978-4621-b1f9-6a62436f0466}
[2011/06/26 18:54:14 | 000,000,000 | ---D | M] (Brothersoft Community Toolbar) -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
[2010/01/22 02:15:10 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011/04/09 17:19:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\engine@conduit.com
[2011/05/20 17:43:10 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\engine@plasmoo.com
[2010/06/21 02:43:15 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\firefox@tvunetworks.com
[2011/05/31 15:27:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\extensions\toolbar@ask.com
[2011/07/04 21:23:17 | 000,002,567 | ---- | M] () -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\searchplugins\askcom.xml
[2011/04/28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\umuyfjc7.default\searchplugins\plasmoo.xml
[2010/11/28 12:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/19 03:18:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/06 20:41:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\KC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMUYFJC7.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2010/06/06 20:41:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll (Conduit Ltd.)
O2 - BHO: (IE2EMBHO Class) - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files (x86)\easyMule\modules\IE2EM.dll (VeryCD.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files (x86)\ToggleEN\tbTog0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - File not found
O3 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000..\Run: [eMuleAutoStart] C:\Program Files (x86)\easyMule\eMule.exe (http://www.verycd.com)
O4 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000..\Run: [MediaGet2] C:\Users\KC\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = D:\PPS.tv\PPStream\PPStream.exe (PPStream Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &使用FLVCD下载 - C:\Program Files\flvcd\flvcd_href.htm ()
O8:64bit: - Extra context menu item: &使用FLVCD下载本页视频 - C:\Program Files\flvcd\flvcd_link.htm ()
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Download by easyMule - C:\Program Files (x86)\easyMule\IE2EM.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\KC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\KC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: QQ - C:\Program Files (x86)\Tencent\QQIntl\Bin\AddEmotion.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &使用FLVCD下载 - C:\Program Files\flvcd\flvcd_href.htm ()
O8 - Extra context menu item: &使用FLVCD下载本页视频 - C:\Program Files\flvcd\flvcd_link.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download by easyMule - C:\Program Files (x86)\easyMule\IE2EM.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\KC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\KC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: QQ - C:\Program Files (x86)\Tencent\QQIntl\Bin\AddEmotion.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3764852082-4103192649-623538744-1000\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.68 202.156.1.78
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll ()
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\avldr: DllName - Reg Error: Key error. - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1284a490-4e02-11df-ad78-90e6ba200640}\Shell - "" = AutoRun
O33 - MountPoints2\{1284a490-4e02-11df-ad78-90e6ba200640}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\{1b6dac08-5823-11df-9dda-002243d3b2ab}\Shell - "" = AutoRun
O33 - MountPoints2\{1b6dac08-5823-11df-9dda-002243d3b2ab}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{6ee01aac-06f9-11df-bb7b-002243d3b2ab}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee01aac-06f9-11df-bb7b-002243d3b2ab}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\Shell - "" = AutoRun
O33 - MountPoints2\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{97c103b4-3ebe-11e0-ac66-002243d3b2ab}\Shell - "" = AutoRun
O33 - MountPoints2\{97c103b4-3ebe-11e0-ac66-002243d3b2ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{97c103c3-3ebe-11e0-ac66-002243d3b2ab}\Shell - "" = AutoRun
O33 - MountPoints2\{97c103c3-3ebe-11e0-ac66-002243d3b2ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c07fc519-7a1c-11df-8353-002243d3b2ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c07fc519-7a1c-11df-8353-002243d3b2ab}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{c4b10f69-4df0-11df-a03f-90e6ba200640}\Shell - "" = AutoRun
O33 - MountPoints2\{c4b10f69-4df0-11df-a03f-90e6ba200640}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/16 05:10:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/16 05:10:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/16 05:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/16 05:10:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/16 05:10:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/16 05:10:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/16 05:10:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/16 05:10:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/16 05:10:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/16 05:10:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/16 05:10:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/16 05:10:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/16 05:10:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:10:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:10:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/16 05:10:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/16 05:10:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/16 05:10:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/16 05:10:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/16 05:10:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/16 05:10:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/16 05:10:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/16 05:10:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/16 05:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/16 05:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/16 05:10:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/16 05:10:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/16 05:10:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/16 05:10:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/16 05:10:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/16 05:10:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/16 05:10:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/16 05:10:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/16 05:10:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/16 05:10:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/16 05:10:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/16 05:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/16 05:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/16 05:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/16 05:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/16 05:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/16 05:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/16 05:10:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/16 05:10:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/16 05:10:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/16 05:10:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/16 05:10:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/16 05:10:43 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/16 05:10:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/16 05:10:43 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/16 05:10:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/16 05:10:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/16 05:10:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/16 05:10:42 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/16 05:10:41 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/16 05:10:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/16 05:10:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/16 05:10:39 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/04 00:46:57 | 000,000,000 | ---D | C] -- C:\Users\KC\Desktop\VIRUS STUFFS
[2011/07/04 00:18:59 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2011/07/04 00:16:26 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Local\Panda Security
[2011/07/04 00:11:08 | 000,030,792 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011/07/04 00:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2012
[2011/07/04 00:10:58 | 000,046,640 | ---- | C] (Panda Software) -- C:\Windows\SysNative\pavcpl64.cpl
[2011/07/04 00:10:34 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\HHActiveX.dll
[2011/07/04 00:10:29 | 000,323,392 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\TpUtil64.dll
[2011/07/04 00:10:29 | 000,202,048 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\TpUtilWow.dll
[2011/07/04 00:10:29 | 000,114,496 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavLspHook64.dll
[2011/07/04 00:10:29 | 000,090,944 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavIpc64.dll
[2011/07/04 00:10:29 | 000,087,872 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavLspHookWow.dll
[2011/07/04 00:10:29 | 000,066,880 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavIpcWow.dll
[2011/07/04 00:10:29 | 000,025,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\sysHelper64.dll
[2011/07/04 00:10:29 | 000,025,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\sysHelper32.dll
[2011/07/04 00:10:28 | 000,839,488 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavSHook64.dll
[2011/07/04 00:10:28 | 000,546,624 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavSHookWow.dll
[2011/07/04 00:10:25 | 000,064,768 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\Windows\SysNative\avldr64.dll
[2011/07/04 00:10:24 | 000,065,608 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\amm6460.sys
[2011/07/04 00:10:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PAV
[2011/07/04 00:10:23 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Roaming\Panda Security
[2011/07/04 00:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/07/04 00:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/07/04 00:07:30 | 000,048,136 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\ShldFlt.sys
[2011/07/04 00:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panda Security
[2011/07/03 23:41:04 | 007,127,360 | ---- | C] (McAfee Inc.) -- C:\Users\KC\Desktop\stinger10.2.0.146.exe
[2011/07/03 21:31:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/07/03 21:09:36 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/07/03 21:09:15 | 000,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/07/03 21:02:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2011/07/03 21:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/07/03 21:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/07/03 21:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/07/03 20:41:56 | 000,287,576 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/03 20:41:56 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/03 20:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/07/03 20:41:46 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/03 20:41:45 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/03 20:41:44 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/03 20:41:42 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/03 20:41:42 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/03 20:41:04 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/03 20:41:03 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/03 20:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/07/03 20:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/03 20:32:04 | 000,000,000 | ---D | C] -- C:\Users\KC\AppData\Roaming\AVG10
[2011/07/03 20:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/06/30 20:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
[2011/06/30 20:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2011/06/29 17:29:46 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/29 17:29:45 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/29 17:29:45 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/29 17:29:45 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/29 17:29:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/29 17:29:45 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/06/29 17:29:43 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/29 17:29:43 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/29 17:29:43 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/29 17:29:43 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/29 17:29:43 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/29 17:29:43 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/29 17:29:43 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/29 17:29:43 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/29 16:56:50 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 16:56:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/28 00:29:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/28 00:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/06/27 23:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/27 23:01:10 | 040,546,781 | ---- | C] (pcsafedoctor.com, Inc. ) -- C:\Users\KC\Desktop\PCSafeDoctor_Setup.exe
[2011/06/26 22:26:04 | 000,000,000 | ---D | C] -- C:\Users\KC\Desktop\PS3 Hack
[2011/06/26 20:19:47 | 000,000,000 | ---D | C] -- C:\Users\KC\Desktop\Tenchi O Kurau 2
[2011/06/19 12:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/19 12:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/18 17:55:35 | 000,000,000 | ---D | C] -- C:\Users\KC\Desktop\First Multi Disk Popstation GUI
[2008/08/12 12:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

========== Files - Modified Within 30 Days ==========

[2011/07/17 23:51:19 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 23:51:19 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 23:48:19 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/17 23:44:17 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/07/17 23:44:17 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011/07/17 23:44:17 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011/07/17 23:44:17 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011/07/17 23:44:17 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011/07/17 23:42:48 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 23:41:06 | 000,379,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/17 23:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/17 23:40:48 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/16 05:17:12 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/16 05:17:12 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/16 05:17:12 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/16 04:18:21 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2011/07/04 21:45:21 | 000,001,737 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/07/04 21:45:19 | 000,001,838 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/07/04 10:26:26 | 000,000,017 | ---- | M] () -- C:\Users\KC\Desktop\stinger10.2.0.146.opt
[2011/07/04 00:11:39 | 000,002,111 | ---- | M] () -- C:\Users\KC\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2012.lnk
[2011/07/04 00:11:39 | 000,000,262 | ---- | M] () -- C:\Windows\SysNative\PavCPL64.dat
[2011/07/03 23:41:16 | 007,127,360 | ---- | M] (McAfee Inc.) -- C:\Users\KC\Desktop\stinger10.2.0.146.exe
[2011/07/03 23:17:57 | 000,292,792 | ---- | M] () -- C:\Users\KC\Desktop\virus4.jpg
[2011/07/03 21:09:11 | 000,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/07/03 21:08:25 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/07/03 21:02:00 | 000,001,168 | ---- | M] () -- C:\Users\KC\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/07/03 21:02:00 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/07/03 20:41:57 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/03 20:41:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/02 01:51:27 | 000,012,288 | ---- | M] () -- C:\Users\KC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 23:21:07 | 000,000,000 | ---- | M] () -- C:\Users\KC\Desktop\ParetoLogic PC Health Advisor.exe
[2011/06/27 23:14:57 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/06/27 23:10:29 | 040,546,781 | ---- | M] (pcsafedoctor.com, Inc. ) -- C:\Users\KC\Desktop\PCSafeDoctor_Setup.exe
[2011/06/19 12:40:51 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/19 01:13:27 | 000,002,153 | ---- | M] () -- C:\Users\KC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 7.lnk
[2011/06/18 17:55:27 | 000,899,485 | ---- | M] () -- C:\Users\KC\Desktop\First Multi Disk Popstation GUI.rar

========== Files Created - No Company Name ==========

[2011/07/04 10:26:26 | 000,000,017 | ---- | C] () -- C:\Users\KC\Desktop\stinger10.2.0.146.opt
[2011/07/04 00:34:35 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2011/07/04 00:11:39 | 000,002,111 | ---- | C] () -- C:\Users\KC\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2012.lnk
[2011/07/04 00:11:39 | 000,000,262 | ---- | C] () -- C:\Windows\SysNative\PavCPL64.dat
[2011/07/03 23:22:31 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/07/03 23:22:30 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011/07/03 23:22:29 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011/07/03 23:22:25 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011/07/03 23:22:22 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011/07/03 23:17:56 | 000,292,792 | ---- | C] () -- C:\Users\KC\Desktop\virus4.jpg
[2011/07/03 21:56:31 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/07/03 21:02:00 | 000,001,168 | ---- | C] () -- C:\Users\KC\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/07/03 21:02:00 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/07/03 20:41:57 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/03 20:41:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/06/27 23:21:02 | 000,000,000 | ---- | C] () -- C:\Users\KC\Desktop\ParetoLogic PC Health Advisor.exe
[2011/06/27 23:14:57 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/06/19 12:40:51 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/18 17:54:51 | 000,899,485 | ---- | C] () -- C:\Users\KC\Desktop\First Multi Disk Popstation GUI.rar
[2011/06/05 18:47:44 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2011/05/18 09:35:46 | 000,001,138 | ---- | C] () -- C:\Windows\SysWow64\funshion.ini
[2011/03/20 14:41:37 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\apexchanger.exe
[2011/03/20 14:41:37 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\apex3gp.exe
[2011/03/20 14:41:36 | 004,755,968 | ---- | C] () -- C:\Windows\SysWow64\apexconverter.exe
[2011/03/20 14:41:35 | 003,138,048 | ---- | C] () -- C:\Windows\SysWow64\apexxbox.exe
[2011/03/20 14:41:35 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AddiTunes.exe
[2011/03/20 14:41:35 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2011/03/20 14:41:35 | 000,007,196 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_3GP_AAC.ini
[2011/03/20 14:41:35 | 000,006,490 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_PSP.ini
[2011/03/20 14:41:35 | 000,005,028 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_3GP2_AAC.ini
[2011/03/20 14:41:35 | 000,003,116 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_Zune.ini
[2011/03/20 14:41:35 | 000,003,045 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_iPod.ini
[2011/03/20 14:41:35 | 000,002,956 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_PMP.ini
[2011/03/20 14:41:35 | 000,002,910 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_3GP_AMR.ini
[2011/03/20 14:41:35 | 000,002,516 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_PPC.ini
[2011/03/20 14:41:35 | 000,001,964 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP2_QVGA_AAC.ini
[2011/03/20 14:41:35 | 000,001,964 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP2_QCIF_AAC.ini
[2011/03/20 14:41:35 | 000,001,878 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_Xbox.ini
[2011/03/20 14:41:35 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QVGA_AMR.ini
[2011/03/20 14:41:35 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QVGA_AAC.ini
[2011/03/20 14:41:35 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QCIF_AMR.ini
[2011/03/20 14:41:35 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QCIF_AAC.ini
[2011/03/20 14:41:35 | 000,000,036 | ---- | C] () -- C:\Windows\SysWow64\INI_Add_mfra.ini
[2011/03/20 14:41:30 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/03/10 21:31:40 | 002,690,560 | ---- | C] () -- C:\Windows\SysWow64\mstscax.dll
[2011/02/04 02:07:25 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/11/19 03:22:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/22 23:00:56 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2010/01/22 04:20:57 | 000,685,056 | ---- | C] () -- C:\Windows\is-FDEJK.exe
[2010/01/20 04:49:08 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2010/01/05 23:53:24 | 000,012,288 | ---- | C] () -- C:\Users\KC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/26 23:05:12 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/08/19 16:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 16:33:09 | 000,000,031 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 13:21:06 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetWallpaper.exe
[2009/07/29 13:21:06 | 000,000,223 | ---- | C] () -- C:\ProgramData\setwallpaper.cmd
[2009/07/29 13:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 08:03:12 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\wdmaud.drv
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:37:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\srvcli.dll
[2009/07/14 07:29:14 | 001,011,200 | ---- | C] () -- C:\Windows\SysWow64\WindowsCodecs.dll
[2009/07/14 07:16:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\sxs.dll
[2009/07/14 07:16:09 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\SPInf.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/09 01:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/12/02 09:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/05/22 23:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2006/05/19 11:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2005/04/26 08:05:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\vbaZlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

Extra.txt File
OTL Extras logfile created on: 7/18/2011 12:02:59 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\KC\Desktop\VIRUS STUFFS
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

4.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 40.84% Memory free
8.00 Gb Paging File | 5.31 Gb Available in Paging File | 66.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 9.66 Gb Free Space | 8.29% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 332.42 Gb Free Space | 99.33% Space Free | Partition Type: NTFS

Computer Name: KC-PC | User Name: KC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse[@ = JSEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe[@ = VBEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs[@ = VBSFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf[@ = WSFFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh[@ = WSHFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = JSFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)

[HKEY_USERS\S-1-5-21-3764852082-4103192649-623538744-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0401-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Arabic) 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{90120000-002A-041E-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Thai) 2007
"{90120000-002A-041F-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Turkish) 2007
"{90120000-002A-0804-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Simplified)) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C04-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{D42F84B6-3709-4A50-8502-6719D16AE6C8}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{095C49EB-930B-48E6-BF07-0C99206DA5BB}" = Alcor Micro USB Card Reader
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B322F4F-F403-4975-AB54-530459472148}" = Skype Toolbars
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3538DD8F-A0CF-4CB9-8B38-0963CAA509EA}" = Panda Antivirus Pro 2012
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6BBBF237-A114-48E6-BBD0-A52BEF9CCFB2}" = Cisco Network Magic
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0016-0401-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Arabic) 2007
"{90120000-0016-0401-0000-0000000FF1CE}_HOMESTUDENTR_{F3C3851B-43B8-4B86-89BA-ECAD6518AD22}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_HOMESTUDENTR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_HOMESTUDENTR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-041E-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Thai) 2007
"{90120000-0016-041E-0000-0000000FF1CE}_HOMESTUDENTR_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-041F-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Turkish) 2007
"{90120000-0016-041F-0000-0000000FF1CE}_HOMESTUDENTR_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0804-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Simplified)) 2007
"{90120000-0016-0804-0000-0000000FF1CE}_HOMESTUDENTR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_HOMESTUDENTR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C04-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0C04-0000-0000000FF1CE}_HOMESTUDENTR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0401-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Arabic) 2007
"{90120000-0018-0401-0000-0000000FF1CE}_HOMESTUDENTR_{F3C3851B-43B8-4B86-89BA-ECAD6518AD22}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_HOMESTUDENTR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_HOMESTUDENTR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-041E-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Thai) 2007
"{90120000-0018-041E-0000-0000000FF1CE}_HOMESTUDENTR_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-041F-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Turkish) 2007
"{90120000-0018-041F-0000-0000000FF1CE}_HOMESTUDENTR_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0804-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
"{90120000-0018-0804-0000-0000000FF1CE}_HOMESTUDENTR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_HOMESTUDENTR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C04-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0C04-0000-0000000FF1CE}_HOMESTUDENTR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0401-0000-0000000FF1CE}" = Microsoft Office Word MUI (Arabic) 2007
"{90120000-001B-0401-0000-0000000FF1CE}_HOMESTUDENTR_{F3C3851B-43B8-4B86-89BA-ECAD6518AD22}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_HOMESTUDENTR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_HOMESTUDENTR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-041E-0000-0000000FF1CE}" = Microsoft Office Word MUI (Thai) 2007
"{90120000-001B-041E-0000-0000000FF1CE}_HOMESTUDENTR_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-041F-0000-0000000FF1CE}" = Microsoft Office Word MUI (Turkish) 2007
"{90120000-001B-041F-0000-0000000FF1CE}_HOMESTUDENTR_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0804-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Simplified)) 2007
"{90120000-001B-0804-0000-0000000FF1CE}_HOMESTUDENTR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_HOMESTUDENTR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C04-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0C04-0000-0000000FF1CE}_HOMESTUDENTR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_HOMESTUDENTR_{33FA7680-10ED-444E-BC72-214064317283}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2007
"{90120000-001F-041E-0000-0000000FF1CE}_HOMESTUDENTR_{0ED7C31A-FB21-4F8E-BD16-921A5E69B2C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2007
"{90120000-001F-041F-0000-0000000FF1CE}_HOMESTUDENTR_{CB71F1CB-4CC3-47DE-B003-40413E64FE10}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2007
"{90120000-001F-0804-0000-0000000FF1CE}_HOMESTUDENTR_{82E853AD-6911-4EA9-9EB0-2F9BE7747878}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_HOMESTUDENTR_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_HOMESTUDENTR_{5E6C6E79-40BE-491B-9ABF-C665667E1B07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-1000-0000000FF1CE}_HOMESTUDENTR_{1252D255-DB26-4F85-9F0F-D59B9DFE339E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-0028-0804-0000-0000000FF1CE}_HOMESTUDENTR_{4029CB10-E410-41AD-BB3F-052C95243407}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0804-1000-0000000FF1CE}_HOMESTUDENTR_{B45C4BDA-CDBB-4D65-8970-6ABB35BE81B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0401-1000-0000000FF1CE}_HOMESTUDENTR_{C1547C6B-A758-4270-964E-4EE8D323C99D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0404-1000-0000000FF1CE}_HOMESTUDENTR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0416-1000-0000000FF1CE}_HOMESTUDENTR_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-041E-1000-0000000FF1CE}_HOMESTUDENTR_{CEB4C8D4-2A39-45FD-B201-FBC950549C59}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-041F-1000-0000000FF1CE}_HOMESTUDENTR_{5BAE8A52-83CD-4A7B-90B0-5EFB57FD78C8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0804-1000-0000000FF1CE}_HOMESTUDENTR_{A844CE03-EE56-4609-808D-946E33AA9236}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0816-1000-0000000FF1CE}_HOMESTUDENTR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C04-1000-0000000FF1CE}_HOMESTUDENTR_{364CCAC1-F404-461B-8025-8586FC7CA772}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0401-0000-0000000FF1CE}" = Microsoft Office Proofing (Arabic) 2007
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-002C-041E-0000-0000000FF1CE}" = Microsoft Office Proofing (Thai) 2007
"{90120000-002C-041F-0000-0000000FF1CE}" = Microsoft Office Proofing (Turkish) 2007
"{90120000-002C-0804-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Simplified)) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C04-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0401-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Arabic) 2007
"{90120000-006E-0401-0000-0000000FF1CE}_HOMESTUDENTR_{C1547C6B-A758-4270-964E-4EE8D323C99D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_HOMESTUDENTR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_HOMESTUDENTR_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-041E-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Thai) 2007
"{90120000-006E-041E-0000-0000000FF1CE}_HOMESTUDENTR_{CEB4C8D4-2A39-45FD-B201-FBC950549C59}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-041F-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Turkish) 2007
"{90120000-006E-041F-0000-0000000FF1CE}_HOMESTUDENTR_{5BAE8A52-83CD-4A7B-90B0-5EFB57FD78C8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0804-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Simplified)) 2007
"{90120000-006E-0804-0000-0000000FF1CE}_HOMESTUDENTR_{A844CE03-EE56-4609-808D-946E33AA9236}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_HOMESTUDENTR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C04-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0C04-0000-0000000FF1CE}_HOMESTUDENTR_{364CCAC1-F404-461B-8025-8586FC7CA772}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0401-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Arabic) 2007
"{90120000-00A1-0401-0000-0000000FF1CE}_HOMESTUDENTR_{F3C3851B-43B8-4B86-89BA-ECAD6518AD22}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0404-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
"{90120000-00A1-0404-0000-0000000FF1CE}_HOMESTUDENTR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_HOMESTUDENTR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-041E-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Thai) 2007
"{90120000-00A1-041E-0000-0000000FF1CE}_HOMESTUDENTR_{E84AA79E-3E58-4E65-92AC-38E929EB96DF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-041F-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Turkish) 2007
"{90120000-00A1-041F-0000-0000000FF1CE}_HOMESTUDENTR_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0804-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Simplified)) 2007
"{90120000-00A1-0804-0000-0000000FF1CE}_HOMESTUDENTR_{18EBA2E9-1310-46B3-91A2-536B0F314F2B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
"{90120000-00A1-0816-0000-0000000FF1CE}_HOMESTUDENTR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C04-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
"{90120000-00A1-0C04-0000-0000000FF1CE}_HOMESTUDENTR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.537.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C58BEC6C-D968-4FE3-8DD6-9FDC4278657B}" = Panda Antivirus Pro 2012
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CFA76A76-03CF-43AC-AAB4-E2E3DACE4E02}" = Vodafone Mobile Connect Lite Runtime Components
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2012
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8BallClub" = 8BallClub Billiards
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BOCNET Security Applet_is1" = BOCNET Security Applet 1.5
"conduitEngine" = Conduit Engine
"Creative Centrale" = Creative Centrale
"DkZ Studio0.9.1 BETA" = DkZ Studio
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"easyMule" = easyMule
"ExpressBurn" = Express Burn Disc Burning Software
"Free Studio_is1" = Free Studio version 5.0.8
"GoldWave v5.55" = GoldWave v5.55
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"mIRC" = mIRC
"Mobile Broadband Modem" = Mobile Broadband Modem
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Mp3tag" = Mp3tag v2.46a
"Network MagicUninstall" = Network Magic
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Orbit_is1" = Orbit Downloader
"PPSGame" = PPS游戏 V1.0.1.238
"PPStream" = PPS影音 V2.7.0.1208 正式版
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TagScanner_is1" = TagScanner 5.1.596
"ToggleEN Toolbar" = ToggleEN Toolbar
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZENXFI2UG" = Creative ZEN X-Fi2 Documentation
"中国银行网上银行安全控件_is1" = 中国银行网上银行安全控件 1.5
"硕鼠" = 硕鼠 0.4.5.16 正式版

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3764852082-4103192649-623538744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.780.0
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2010 3:13:05 AM | Computer Name = KC-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 12/19/2010 3:53:40 AM | Computer Name = KC-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 2.0.0.3960 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cb8 Start
Time: 01cb9f490f5970c1 Termination Time: 79 Application Path: C:\Program Files (x86)\Mozilla
Firefox 4.0 Beta 7\firefox.exe Report Id: 1372ae84-0b45-11e0-b0db-002243d3b2ab

Error - 12/19/2010 9:20:08 AM | Computer Name = KC-PC | Source = SideBySide | ID = 16842787
Description =

Error - 12/21/2010 10:16:35 PM | Computer Name = KC-PC | Source = SideBySide | ID = 16842787
Description =

Error - 12/21/2010 10:49:15 PM | Computer Name = KC-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 12/22/2010 1:56:08 AM | Computer Name = KC-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 8.0.7600.16700 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 528 Start
Time: 01cba1829b449cbf Termination Time: 60 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 27375e2a-0d90-11e0-abaa-002243d3b2ab

Error - 12/22/2010 3:59:33 AM | Computer Name = KC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nmsrvc.exe, version: 11.0.8268.0, time
stamp: 0x48dac758 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00038c19 Faulting process
id: 0x5a8 Faulting application start time: 0x01cba17e327c3a4f Faulting application
path: C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 691bf365-0da1-11e0-abaa-002243d3b2ab

Error - 12/23/2010 10:08:29 PM | Computer Name = KC-PC | Source = SideBySide | ID = 16842787
Description =

Error - 12/24/2010 2:43:46 AM | Computer Name = KC-PC | Source = SideBySide | ID = 16842787
Description =

Error - 12/24/2010 3:15:59 AM | Computer Name = KC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be07e Exception code: 0xc0000005 Fault offset: 0x0000000000004c63
Faulting
process id: 0x368 Faulting application start time: 0x01cba335b6650a69 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: a7a82bcb-0f2d-11e0-a2d7-002243d3b2ab

[ System Events ]
Error - 7/17/2011 11:36:56 AM | Computer Name = KC-PC | Source = Service Control Manager | ID = 7000
Description = The Link-Layer Topology Discovery Mapper I/O Driver service failed
to start due to the following error: %%577

Error - 7/17/2011 11:37:51 AM | Computer Name = KC-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FileDisk ProtectorA

Error - 7/17/2011 11:38:52 AM | Computer Name = KC-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = CBS Client initialization failed. Last error: 0x8007045b

Error - 7/17/2011 11:39:37 AM | Computer Name = KC-PC | Source = Service Control Manager | ID = 7023
Description = The Panda On-Access Anti-Malware Service service terminated with the
following error: %%1

Error - 7/17/2011 11:41:24 AM | Computer Name = KC-PC | Source = Service Control Manager | ID = 7000
Description = The Link-Layer Topology Discovery Mapper I/O Driver service failed
to start due to the following error: %%577

Error - 7/17/2011 11:42:06 AM | Computer Name = KC-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FileDisk ProtectorA

Error - 7/17/2011 11:43:42 AM | Computer Name = KC-PC | Source = RasMan | ID = 20063
Description = Remote Access Connection Manager failed to start because the Protocol
engine [vpnike.dll] failed to initialize. The system cannot find the device specified.


Error - 7/17/2011 11:43:42 AM | Computer Name = KC-PC | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%20

Error - 7/17/2011 11:45:04 AM | Computer Name = KC-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
Update Service (gupdate) service to connect.

Error - 7/17/2011 11:45:04 AM | Computer Name = KC-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053


< End of report >

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:39 AM

Posted 17 July 2011 - 01:51 PM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files with each other, as the name(s) suggest. In today's world, cyber crime has reached enormous dimensions, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to Programs and Features in the control panel and remove either AVAST or Panda.
  • Also please uninstall the following questionable or adware related software:

    RelevantKnowledge
    Conduit Engine

  • You may also uninstall Ask Toolbar if it is installed without your consent.
  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    • First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup
      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
    • Then download ResetTeaTimer.exe to your desktop.
      • Double-click ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.
  • We are going to remove some entries and also disable the CD emulation software as they interfere with our fixes. Please open OTL.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

      :otl
      O33 - MountPoints2\{1b6dac08-5823-11df-9dda-002243d3b2ab}\Shell - "" = AutoRun
      O33 - MountPoints2\{1b6dac08-5823-11df-9dda-002243d3b2ab}\Shell\AutoRun\command - "" = F:\Startme.exe
      O33 - MountPoints2\{6ee01aac-06f9-11df-bb7b-002243d3b2ab}\Shell - "" = AutoRun
      O33 - MountPoints2\{6ee01aac-06f9-11df-bb7b-002243d3b2ab}\Shell\AutoRun\command - "" = F:\Startme.exe
      O33 - MountPoints2\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\Shell - "" = AutoRun
      O33 - MountPoints2\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{97c103b4-3ebe-11e0-ac66-002243d3b2ab}\Shell - "" = AutoRun
      O33 - MountPoints2\{97c103b4-3ebe-11e0-ac66-002243d3b2ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{97c103c3-3ebe-11e0-ac66-002243d3b2ab}\Shell - "" = AutoRun
      O33 - MountPoints2\{97c103c3-3ebe-11e0-ac66-002243d3b2ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{c07fc519-7a1c-11df-8353-002243d3b2ab}\Shell - "" = AutoRun
      O33 - MountPoints2\{c07fc519-7a1c-11df-8353-002243d3b2ab}\Shell\AutoRun\command - "" = F:\Startme.exe
      O33 - MountPoints2\{c4b10f69-4df0-11df-a03f-90e6ba200640}\Shell - "" = AutoRun
      O33 - MountPoints2\F\Shell - "" = AutoRun
      :reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd]
      "Start"=dword:4
      
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it has finished, a log will open. Copy and paste the log to your reply.


#8 rody


Posted 18 July 2011 - 09:13 AM

1. I have removed Panda, and I kept AVAST.

2. I have removed RelevantKnowledge. For Conduit Engine, I didn't manage to remove it. When I click 'uninstall', a squarish box with a black background pops out, with the title 'Uninstall' in white against the black bg, and 2 radio buttons.

The first radio button reads - Remove the following apps: (with a rectangular white space below it, but there's no choice for me to choose from). The second radio button does not have any words next to it.

This squarish box does not have any 'X' or minimize button at the corner. I'm sorry but I can't post a screenshot because of the limited upload quota set by the forum.

3. I have removed the Ask Toolbar. It is pretty nasty as it took me a while to remove it.

4. I can't open the Spybot program. Whenever I open it, a box pops out and says:

c:\windows/system32/srvcli.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administration or the software vendor for support.

It prevents me from opening it. I mentioned this in my first post. :(

Should I delete the whole program instead and reinstall after everything is okay? I'm fine with deleting it. (Any previous infections detected by Spybot will be removed too, right?)

5. Log. No reboot.



========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b6dac08-5823-11df-9dda-002243d3b2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b6dac08-5823-11df-9dda-002243d3b2ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b6dac08-5823-11df-9dda-002243d3b2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b6dac08-5823-11df-9dda-002243d3b2ab}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ee01aac-06f9-11df-bb7b-002243d3b2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ee01aac-06f9-11df-bb7b-002243d3b2ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ee01aac-06f9-11df-bb7b-002243d3b2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ee01aac-06f9-11df-bb7b-002243d3b2ab}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97c103b4-3ebe-11e0-ac66-002243d3b2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97c103b4-3ebe-11e0-ac66-002243d3b2ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97c103b4-3ebe-11e0-ac66-002243d3b2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97c103b4-3ebe-11e0-ac66-002243d3b2ab}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97c103c3-3ebe-11e0-ac66-002243d3b2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97c103c3-3ebe-11e0-ac66-002243d3b2ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97c103c3-3ebe-11e0-ac66-002243d3b2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97c103c3-3ebe-11e0-ac66-002243d3b2ab}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c07fc519-7a1c-11df-8353-002243d3b2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c07fc519-7a1c-11df-8353-002243d3b2ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c07fc519-7a1c-11df-8353-002243d3b2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c07fc519-7a1c-11df-8353-002243d3b2ab}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4b10f69-4df0-11df-a03f-90e6ba200640}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4b10f69-4df0-11df-a03f-90e6ba200640}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\\"Start"|dword:4 /E : value set successfully!

OTL by OldTimer - Version 3.2.26.1 log created on 07182011_220710




Thank you!!
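A way to check that the fix in post #7 was fully applied, as an added example that is not part of the original posts or of OTL: it cross-references the O33 lines of the fix script against the result log in post #8 and reports which MountPoints2 keys were confirmed deleted and which AutoRun targets were only reported as not found. The function names and report fields are made up for this example, and the embedded samples are selected lines copied from the two posts.

```python
import re

# Selected lines of the fix script from post #7 (four of the mount points).
FIX_SCRIPT = r'''
:otl
O33 - MountPoints2\{1b6dac08-5823-11df-9dda-002243d3b2ab}\Shell - "" = AutoRun
O33 - MountPoints2\{1b6dac08-5823-11df-9dda-002243d3b2ab}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\Shell - "" = AutoRun
O33 - MountPoints2\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4b10f69-4df0-11df-a03f-90e6ba200640}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
'''

# Selected lines of the OTL result log from post #8 for the same mount points.
RESULT_LOG = r'''
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b6dac08-5823-11df-9dda-002243d3b2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b6dac08-5823-11df-9dda-002243d3b2ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b6dac08-5823-11df-9dda-002243d3b2ab}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97c103a7-3ebe-11e0-ac66-002243d3b2ab}\ deleted successfully.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4b10f69-4df0-11df-a03f-90e6ba200640}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
'''

# Per-user key under which the result log reports each deletion.
# Registry paths are case-insensitive, so everything is compared in lower case.
MP_PREFIX = (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion"
             r"\Explorer\MountPoints2" + "\\").lower()

O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<mp>[^\\]+)\\Shell'
                    r'(?P<cmd>\\AutoRun\\command)? - "" = (?P<val>.+)$')
KEY_RE = re.compile(r'^Registry key (?P<key>.+)\\ '
                    r'(?P<status>deleted successfully|not found)\.$')
# Only the "not found" file outcome appears on the page, so only it is parsed.
FILE_RE = re.compile(r'^File (?P<path>.+) not found\.$')


def parse_fix_script(text):
    """Map each mount point named in an O33 line to its AutoRun command (or None)."""
    entries = {}
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        entries.setdefault(m["mp"], None)
        if m["cmd"]:
            entries[m["mp"]] = m["val"]
    return entries


def parse_result_log(text):
    """Return (mount points whose HKCU key was deleted, files reported not found)."""
    deleted, absent_files = set(), set()
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k["key"].lower()
            # A later "not found" for the same key is just the second O33 line
            # of that mount point being processed after the key is gone.
            if key.startswith(MP_PREFIX) and k["status"] == "deleted successfully":
                deleted.add(key[len(MP_PREFIX):])
            continue
        f = FILE_RE.match(line)
        if f:
            absent_files.add(f["path"].lower())
    return deleted, absent_files


def verify_fix(fix_script, result_log):
    """Cross-check the requested removals against what the log confirms."""
    requested = parse_fix_script(fix_script)
    deleted, absent_files = parse_result_log(result_log)
    targets = {cmd for cmd in requested.values() if cmd}
    return {
        # Key confirmed deleted at least once.
        "removed": [mp for mp in requested if mp.lower() in deleted],
        # Requested, but no "deleted successfully" line: needs a re-check.
        "unconfirmed": [mp for mp in requested if mp.lower() not in deleted],
        # The executable was not at that path when the fix ran, so this fix
        # did not delete it; the log says nothing about the drive it lived on.
        "targets_absent": sorted(t for t in targets if t.lower() in absent_files),
        # AutoRun target with no file line in the log at all.
        "targets_unaccounted": sorted(t for t in targets
                                      if t.lower() not in absent_files),
    }


if __name__ == "__main__":
    for field, values in verify_fix(FIX_SCRIPT, RESULT_LOG).items():
        print(f"{field}: {values}")
```
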

#9 Farbar


Posted 18 July 2011 - 10:53 AM

Thanks for the detailed feedback. :)

We will remove Conduit Engine later on.

You may uninstall Spybot. The removed infections should go away with it, but even if not it can do no harm. What we need at the moment is to prevent it from running and interfering with the fixes.

  • Please download MBRCheck by clicking here and save it to your desktop.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
    • Please post the contents of that file in your next reply.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#10 rody


Posted 18 July 2011 - 01:00 PM

Heh. Thanks for the prompt feedback and assistance too!!

Haha well I hope I'm not being too long-winded, just trying to be as detailed as possible to aid with the problem. I'd be very cooperative. :):)

I have removed Spybot.

The laptop was restarted after the Malwarebytes scan.

1. MBRCheck Log: (detected 1 item, I just pressed Enter. It finished pretty fast.)


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON Corp.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F83VF
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 180):

Processes (total 112):
0 System Idle Process
4 System
344 C:\Windows\System32\smss.exe
480 csrss.exe
556 C:\Windows\System32\wininit.exe
568 csrss.exe
604 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\winlogon.exe
788 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\nvvsvc.exe
892 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1008 C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\psksvc.exe
492 C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe
680 C:\Windows\System32\svchost.exe
696 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\audiodg.exe
1236 C:\Windows\System32\svchost.exe
1480 C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe
1996 C:\Windows\System32\nvvsvc.exe
1428 C:\Windows\System32\FBAgent.exe
1708 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
1672 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2036 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1084 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1932 C:\Windows\System32\dwm.exe
2012 C:\Windows\explorer.exe
1352 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
1676 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
2052 C:\Windows\System32\spoolsv.exe
2796 C:\Windows\System32\taskhost.exe
2388 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
2672 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2864 C:\Program Files\Zune\ZuneLauncher.exe
2068 C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
2960 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
2240 C:\Windows\System32\svchost.exe
2360 D:\PPS.tv\PPStream\PPSAP.exe
2696 C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
2704 C:\Windows\System32\taskeng.exe
2456 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2760 C:\Program Files (x86)\easyMule\emule.exe
2156 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
2420 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2476 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
2588 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
2844 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2932 C:\Program Files\P4G\BatteryLife.exe
1720 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2128 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2080 C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
2416 C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
2896 C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe
2460 C:\Users\KC\AppData\Local\MediaGet2\mediaget.exe
2744 C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
3488 C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe
3676 C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
3776 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3248 C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
4064 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3332 C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
3732 C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
3304 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
3928 C:\Windows\System32\svchost.exe
4068 C:\Windows\System32\VSSVC.exe
3168 D:\PPS.tv\PPStream\PPStream.exe
3472 C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
3704 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
3816 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
3232 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3924 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
3116 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2720 C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
3476 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3680 C:\Program Files\AVAST Software\Avast\AvastUI.exe
2508 C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
4576 C:\Windows\SysWOW64\ACEngSvr.exe
4360 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3864 unsecapp.exe
4140 WmiPrvSE.exe
4212 WmiPrvSE.exe
4644 C:\Windows\System32\SearchIndexer.exe
4284 C:\Windows\System32\svchost.exe
5876 C:\Windows\servicing\TrustedInstaller.exe
5360 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2536 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
6064 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3912 C:\Windows\System32\svchost.exe
5428 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
3688 C:\Windows\System32\svchost.exe
1072 C:\Program Files (x86)\Internet Explorer\iexplore.exe
6552 dllhost.exe
6700 C:\Program Files\Windows Media Player\wmpnetwk.exe
6008 C:\Windows\System32\svchost.exe
4744 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
2384 C:\Windows\System32\wuauclt.exe
4332 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
6432 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
1116 C:\Windows\System32\SearchProtocolHost.exe
6580 C:\Windows\System32\SearchFilterHost.exe
6384 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
5732 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
3568 C:\Windows\System32\rundll32.exe
4148 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
6044 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
3632 C:\Users\KC\Desktop\VIRUS STUFFS\MBRCheck.exe
2544 C:\Windows\AsScrPro.exe
4188 C:\Windows\System32\conhost.exe
4496 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`c56a2e00 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!





2. MalwareBytes (MBAM) Log: (I'm amazed by this program! It detected 141 infected items!! - that were previously not detected by any of the anti-virus/spyware programs!! I'm actually quite happy to see the number of infected items show up one by one (not sure why). hahaha. But then it goes to show how dirty my brother's laptop is!!)


Although I don't use this program Funshion, as far as I know, it is a video streaming platform to stream movies and dramas. I have friends who use it without having any problems with their computers, so I'm not sure why either. But anyway, I have deleted all 141 infected items.



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7192

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/7/2011 1:24:57 AM
mbam-log-2011-07-19 (01-24-57).txt

Scan type: Quick scan
Objects scanned: 183216
Time elapsed: 16 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 128

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\KC\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\cacheflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashstamp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\control (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\historytorrent (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\Seed (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.

Files Infected:
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R07HYOO\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R07HYOO\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R07HYOO\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R07HYOO\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R8SQYJ3.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R8SQYJ3.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R8SQYJ3.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R8SQYJ3.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R8SQYJ3.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R8SQYJ3.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R8SQYJ3.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R8SQYJ3.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R9TEZTN.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R9TEZTN.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R9TEZTN.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R9TEZTN.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R9TEZTN.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R9TEZTN.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R9TEZTN.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$R9TEZTN.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RB6RIQG.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RB6RIQG.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RB6RIQG.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RB6RIQG.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RB6RIQG.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RB6RIQG.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RB6RIQG.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RB6RIQG.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RD7PZ18.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RD7PZ18.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RD7PZ18.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RD7PZ18.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RD7PZ18.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RD7PZ18.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RD7PZ18.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RD7PZ18.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RG75GUJ.tmp\Oleau64.dll (Spyware.Banker.Gen) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RK3TVSY.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RK3TVSY.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RK3TVSY.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RK3TVSY.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RK3TVSY.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RK3TVSY.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RK3TVSY.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RK3TVSY.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RKIFHN3.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RKIFHN3.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RKIFHN3.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RKIFHN3.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RKIFHN3.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RKIFHN3.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RKIFHN3.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RKIFHN3.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RNCUX9J.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RNCUX9J.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RNCUX9J.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RNCUX9J.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RNCUX9J.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RNCUX9J.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RNCUX9J.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RNCUX9J.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RWMFPY1.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RWMFPY1.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RWMFPY1.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-3764852082-4103192649-623538744-1000\$RWMFPY1.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\System32\Coopen.scr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\Coopen.scr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\~os1D84.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~os1D84.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~os1D84.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~os1D84.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~os1D84.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~os1D84.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~os1D84.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osB3E4.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osB3E4.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osB3E4.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osB3E4.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osB3E4.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osB3E4.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osB3E4.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osB3E4.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osDBAF.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osDBAF.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osDBAF.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osDBAF.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osDBAF.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osDBAF.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osF151.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osF151.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osF151.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\KC\downloads\funshioninstall2.4.1.32.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\cacheflash\blankFs.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\cacheflash\donghuanew_18.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flash\980ef71b_c41b_511c_2591_1c44d72c2cec.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\05ab3df7_96f7_f3c1_c7e4_57c5af04df14.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\09bfa07c_9c47_2c78_6f3b_f03378ec4cb6.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\1bac7ebe_d7a6_54da_5dc5_933f05b6dd50.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\35fd07a9_3462_fab1_78f0_85c07123d022.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\5f0875ac_463a_dcd4_c54e_d8bd9c112f4a.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\61510264_071f_a9c7_bd54_7a0509e6f48b.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\73991fd0_ebda_d973_cb58_c5037dc4b9af.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\75de27e8_d33f_dc61_a715_b944bae4b2dd.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\c355c0b8_4929_98d2_4e80_4fc7d20c6503.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\db333118_cf35_10fa_b579_fc5ea733989b.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\e22429aa_7f06_cd23_5c26_e0a5db396642.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\ede2b6be_33a9_139f_de84_a9981770b2d5.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\cache\flashNew\f5ff9a31_84e9_f8b5_fb10_8a623b7f4ebb.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\control\1305888060_6634280_1274614154_643.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\control\1305888060_6634280_1274614154_643.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\historytorrent\人体蜈蚣.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\Seed\6634280_1274614154_643.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\adlinkparamfile.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\ad_define.fai.bak (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\flashnew.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\flashparam.txt (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\flashparam.txt.bak (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\localad.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\stamppolicy.txt (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\updatexmlfile.txt (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\热门游戏.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\KC\funshion\update\购物网站大全.lnk (Adware.Funshion) -> Quarantined and deleted s




Once again, thank you! Anyway, the annoying c:\windows/system32/srvcli.dll error still pops out whenever the computer is being booted. And some others.

Edited by rody, 18 July 2011 - 01:03 PM.


#11 Farbar

Posted 18 July 2011 - 03:27 PM

You are not long-winded and I appreciate your feedback. :thumbup2:

Is this Windows 7 a Vista upgrade, or was it originally on the system?

I would like to have another scan.

  • Run CCleaner (make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked). Then click Run Cleaner.
  • ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus, how to do so can be read here.

    Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats and the option Scan archives are checked.
  • Now click on Advanced Settings and select the following:
  • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#12 rody

Posted 18 July 2011 - 09:17 PM

Hi Farbar, just some questions before I proceed to run CCleaner.


Do those checks under the Application Tab, and under Utilities/Multimedia/Internet remove those programs listed? Just pretty worried here. Need some assurance. haha.


Such as
Multimedia > VLC Player, Windows Media Player, etc.
Internet > Windows Live Messenger, BitTorrent, etc.
Applications > Office 2003/2007, etc.

I asked because:
1) This laptop does not belong to me, it belongs to my younger brother. Should anything go missing I need to be held responsible. :( lol


2) Although I have installed this program on his laptop, I don't really know how to use it, and am unsure what exactly it is used for. I just happened to chance upon it on forums where people were talking about it and how good it is, so I downloaded it, but I have never really used it. Okay, the furthest I went was to check Empty Recycle Bin and Temporary Files under System, and Internet Explorer in the Windows tab. Didn't dare to touch the rest, let alone the Applications tab.


Because whenever I want to run the program, a message pops out that says 'This process will permanently delete files from your system. Are you sure you wish to proceed?' That scares me and I drop the idea of running the program. hahaha.


I read from Wikipedia that this program cleans temporary or potentially unwanted files (like history, temp internet files, cookies, recycle bin.. I know what they are) left by certain programs. But I'm just wondering, how do programs like Office/Windows Live Messenger/Players have/produce cookies/history?
If not, are we deleting the programs here? Just worried that all the Office document files, or his Live Messenger chat history, will be deleted as well.


Hope you can explain to me before I proceed, thank you very much!


Oh ya, it was Windows 7 by default when we first bought it (I chose this laptop for him so I can confirm). I'm sure my bro did not do anything to it as he is totally not tech-savvy, lol.

Edited by rody, 18 July 2011 - 09:19 PM.


#13 Farbar

Posted 19 July 2011 - 02:29 AM

I read from Wikipedia that this program cleans temporary or potentially unwanted files (like history, temp internet files, cookies, recycle bin. i know what they are) left by certain programs.

That is what it does.

To emphasize: it doesn't uninstall any program, doesn't remove any configuration or setting, and doesn't remove any document, backup or saved data. I have been using the program for many years.

You may uncheck the box next to Live Messenger or any other program except Internet and Firefox/Mozilla; these last should be checked. The crap in the Internet and Firefox caches grows very vast, and it is a good place for adware and malware to create some stuff.

ESET should take some time to scan the system, but scanning that unneeded stuff might make it much longer.

#14 Farbar

Posted 19 July 2011 - 07:05 AM

Please don't miss my previous post.

I changed the instructions for running ESET in order not to delete anything.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is not checked.
  • Now click on Advanced Settings and select the following:
  • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#15 rody

Posted 19 July 2011 - 08:10 AM

Thanks for the explanation. I did a run of CCleaner. I only unchecked the Live Messenger part. The program removed 4263MB of stuff, and there doesn't seem to be a logfile created for me. I just kept the program open (with the window showing the list of stuff deleted) in case you need some info from this program.


I have a problem with the ESET website. I am using Internet Explorer, which didn't need to install additional stuff to run. I have disabled Anti-Virus already.


I get past the YES, I accept the Terms of Use part.

After that, the site asked me if I would like to install Active X. I did a right click 'Install Active X', and it took a while for it to load,


and then a box pops out that says:

----------------------------------------------------------------------------------------------------------------

'Do you want to allow the following program to make changes to this program?'

Program name: OnlineScanner.cab
Verified publisher: ESET, spol. s r o.

----------------------------------------------------------------------------------------------------------------


So I clicked yes, and then the screen turned blank, with a small red x in a white square button showing on the left.

And I'm stuck there. The cursor is not the hourglass, but just the arrow. It just stops there. I have tried for 30 minutes.


I don't know why. Maybe I should try using Firefox instead and see.



UPDATE: It works for Firefox! Looks like an extra step to download that extra installer stuff wouldn't hurt much. heh.

Will post the report once the scan is done. Never used this before. *excited about the detection* /GeekMode

Edited by rody, 19 July 2011 - 08:25 AM.




