Google Redirect Virus (Again)


26 replies to this topic

#1 tearsunderstars

Posted 14 August 2011 - 12:05 PM

Dear Bleeping Computer helpers, thank you very much for tending to my problem if you can. Anyway here goes...

I am one of the many unlucky ones who was infected with the Google Redirect Virus. What happens is that I use Firefox's location bar for Google searches. When I click on a Google search link, I'm redirected to www.find-fast-answers.com/blablabla. However, if I use the Firefox home page search instead, I'm redirected to the search engine at search.imesh.com (which I have no idea how to change). If I use Internet Explorer instead, I'm also redirected to search.imesh.com. I downloaded Malwarebytes, which detected several trojans and removed them. However, the redirects still remain. If Malwarebytes is running, instead of being redirected to www.find-fast-answers.com/blablabla, I get the following page if I search for youtube in the location bar of Firefox.

Posted Image


I got a little desperate, so I continued searching for how to get rid of the redirects. I ran Combofix once as a result, and the redirects still remain. I tried to run it several more times, but it made my computer hang (the green bar was stuck during extraction), which forced me to shut down and restart my computer. Hence I'm rather paranoid about using Combofix, and now I've decided I should get personalized help rather than trying anything posted on the net. Here are some things I've noted that may be helpful information:

-The anti-malware programs that I have now, including Malwarebytes, all show up clean even though I still get redirected.
-The hosts file only shows 127.0.0.1 localhost.
-I don't get redirected when using an ethernet cable (I mostly use wireless). But I'm not sure about the search.imesh.com one, because I only used the search in the location bar in Firefox while on the ethernet cable.

Here are the logs that I've run.

DDS.txt

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Yijun at 23:04:58 on 2011-08-14
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.65.1033.18.3069.1277 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\brss01a.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE
C:\Users\Yijun\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\LMabcoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = local;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LMab1err] c:\program files\lexmark\errorapp\LMab1err.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12lite\imesc\IMSCMig.exe /INSTALL
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [New Value #1] “ctfmon”=”CTFMON.EXE”
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\yijun\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\yijun\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.169.34.181 203.120.90.40
TCP: Interfaces\{5B6E4B37-C9AB-4D32-8328-1A4B239A70AE} : DhcpNameServer = 192.169.34.181 203.120.90.40
TCP: Interfaces\{BB3C85C4-D5D3-4320-B1CD-A5F0C885CE07} : DhcpNameServer = 192.169.34.181 203.120.90.40
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\yijun\appdata\roaming\mozilla\firefox\profiles\60s2ewqp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-7-9 43184]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-4 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-22 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-7-9 3471360]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-13 366640]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2008-1-7 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2008-1-7 36432]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-5-22 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-5-22 84240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-13 22712]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-9 123496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-5-10 131456]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-5-10 79104]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-1-7 575064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-14 12:00:04 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-14 10:24:41 -------- d-----w- c:\users\yijun\appdata\local\temp
2011-08-14 10:06:14 518144 ----a-w- c:\windows\SWREG.exe
2011-08-14 10:06:14 256000 ----a-w- c:\windows\PEV.exe
2011-08-14 10:06:14 208896 ----a-w- c:\windows\MBR.exe
2011-08-14 10:06:13 98816 ----a-w- c:\windows\sed.exe
2011-08-14 04:17:39 -------- d-----w- c:\users\yijun\appdata\local\{CF7201B0-6F39-4CC9-9C8A-81777BF66214}
2011-08-14 04:17:36 -------- d-----w- c:\users\yijun\appdata\local\{FF5991C9-6BC1-4C39-BC4C-89AB7E0AA059}
2011-08-14 04:17:33 -------- d-----w- c:\users\yijun\appdata\local\{0B30964C-6BC1-4530-952A-FBEDE4B680E6}
2011-08-14 04:17:29 -------- d-----w- c:\users\yijun\appdata\local\{524BF19D-D454-4D80-A64B-E9237039DF5A}
2011-08-13 16:16:56 -------- d-----w- c:\users\yijun\appdata\local\{94D6F31E-729B-4F3C-BE26-5E8899395F2C}
2011-08-13 16:16:52 -------- d-----w- c:\users\yijun\appdata\local\{0C837FD3-B3FB-4E14-975B-71901994AD2E}
2011-08-13 16:16:48 -------- d-----w- c:\users\yijun\appdata\local\{D0023B37-DCB6-4DB1-A4F1-9EEB3C2A50C9}
2011-08-13 16:16:43 -------- d-----w- c:\users\yijun\appdata\local\{F30813E6-E54A-4D3F-B87B-403D4F1648A4}
2011-08-13 07:43:52 -------- d-----w- c:\users\yijun\appdata\roaming\Malwarebytes
2011-08-13 07:43:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-13 07:43:44 -------- d-----w- c:\programdata\Malwarebytes
2011-08-13 07:43:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 07:43:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-13 04:16:33 -------- d-----w- c:\users\yijun\appdata\local\{52332B44-8C45-4121-AC1C-F575750433B4}
2011-08-13 04:16:30 -------- d-----w- c:\users\yijun\appdata\local\{2FF15E11-8BDE-4AE6-92CA-F6ADD833289B}
2011-08-13 04:16:22 -------- d-----w- c:\users\yijun\appdata\local\{C0BFADEC-3EF4-41E7-B278-8BA0F5DCF0A7}
2011-08-13 04:16:17 -------- d-----w- c:\users\yijun\appdata\local\{FDC6969E-19F6-4F72-BC6D-D5BA50E1BBD9}
2011-08-12 16:07:49 -------- d-----r- c:\users\yijun\Dropbox
2011-08-12 15:56:16 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{742126f2-ef47-4d7c-b7a8-0c1dc435e3ca}\mpengine.dll
2011-08-12 15:48:08 -------- d-----w- c:\users\yijun\appdata\local\{99F7C50F-2E45-494A-B6F7-8ADA50235E6F}
2011-08-12 15:47:58 -------- d-----w- c:\users\yijun\appdata\local\{1AEAC52B-2190-4AF5-998F-0A91D690313A}
2011-08-12 15:38:37 -------- d-----w- c:\users\yijun\appdata\local\{A4EF82FF-35EA-43E6-B278-1F9093D1E2F1}
2011-08-12 15:38:16 -------- d-----w- c:\users\yijun\appdata\local\{5D8D8A7B-C4BD-4677-AED1-0883C18F8933}
2011-08-11 15:27:07 -------- d-----w- c:\users\yijun\appdata\local\{ACE90E5F-4B15-4D78-BF21-42129F82327F}
2011-08-11 15:27:04 -------- d-----w- c:\users\yijun\appdata\local\{F496A9CD-849A-4B5F-9E37-91848095EDA3}
2011-08-11 15:27:00 -------- d-----w- c:\users\yijun\appdata\local\{2F6C992E-F2B4-4FCC-8978-AE095EACFB3C}
2011-08-11 15:26:56 -------- d-----w- c:\users\yijun\appdata\local\{B94FA948-358E-42FB-9CE0-C3F05E7E8EE0}
2011-08-11 15:26:52 -------- d-----w- c:\users\yijun\appdata\local\{A8D4A841-FB0D-4C32-85B3-68B0E1E260E4}
2011-08-11 03:43:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 03:43:01 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 03:42:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-11 03:41:03 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 03:41:03 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 03:40:56 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 03:26:21 -------- d-----w- c:\users\yijun\appdata\local\{A6CAF4E2-97DB-4748-8D56-D1AF1B1ABE1C}
2011-08-11 03:26:11 -------- d-----w- c:\users\yijun\appdata\local\{CC1DD09D-C405-430D-85AC-50797DA5D3F1}
2011-08-11 03:26:08 -------- d-----w- c:\users\yijun\appdata\local\{FC5B9583-A08C-49AE-92D3-76592B15B433}
2011-08-11 03:26:04 -------- d-----w- c:\users\yijun\appdata\local\{9D1A5935-E747-4C55-80BA-672871B1C3C6}
2011-08-11 03:26:01 -------- d-----w- c:\users\yijun\appdata\local\{2B8996BE-3198-4272-94B0-74558E60E912}
2011-08-11 03:25:55 -------- d-----w- c:\users\yijun\appdata\local\{2014BFF1-0D32-4FF1-B14C-0B228D30AF8E}
2011-08-10 14:33:03 -------- d-----w- c:\users\yijun\appdata\local\{B7F13025-73A1-4277-8C6F-441A3745B651}
2011-08-10 14:32:59 -------- d-----w- c:\users\yijun\appdata\local\{0F614298-C67B-4536-A95F-7CE75759B825}
2011-08-10 14:32:55 -------- d-----w- c:\users\yijun\appdata\local\{E21C7DAB-B830-4C8D-B679-A42794F96B7D}
2011-08-10 14:32:51 -------- d-----w- c:\users\yijun\appdata\local\{85ADBC83-A1CB-4F9C-B118-1F8CC090CBE3}
2011-08-10 14:32:44 -------- d-----w- c:\users\yijun\appdata\local\{3231B3F0-04F4-4F0F-BCE6-B4AF1CAC8D13}
2011-08-10 14:32:40 -------- d-----w- c:\users\yijun\appdata\local\{D5A95D9A-381E-4A9F-9EF1-A4AC6E8B3ED1}
2011-08-10 02:13:02 -------- d-----w- c:\users\yijun\appdata\local\{E1CE8E9C-7DA9-4C21-A06F-A1A0FC0F01ED}
2011-08-10 02:12:58 -------- d-----w- c:\users\yijun\appdata\local\{ACF36C2C-49C8-40A0-BA4E-E1CCCDBAD5DC}
2011-08-10 02:12:55 -------- d-----w- c:\users\yijun\appdata\local\{FCAB0952-7B3B-4D11-AA51-02CA77389BDC}
2011-08-10 02:12:51 -------- d-----w- c:\users\yijun\appdata\local\{7EB12446-9B2E-4001-8FFC-F2C0536D26CB}
2011-08-10 02:12:46 -------- d-----w- c:\users\yijun\appdata\local\{31013F7B-1A58-4C82-99A8-85B0F30272D8}
2011-08-10 02:12:37 -------- d-----w- c:\users\yijun\appdata\local\{137E1918-76E0-4CDD-8983-4E946E7AE0F8}
2011-08-09 08:40:52 -------- d-----w- c:\users\yijun\appdata\local\{3F2F6072-03E0-4435-8AC1-CF475867D25C}
2011-08-09 08:40:49 -------- d-----w- c:\users\yijun\appdata\local\{A81DB035-A3AA-494C-B201-542FEB34D17B}
2011-08-09 08:40:47 -------- d-----w- c:\users\yijun\appdata\local\{92B9FFF7-8F68-4A8A-80E1-2A86565BE149}
2011-08-09 08:40:44 -------- d-----w- c:\users\yijun\appdata\local\{0806D310-A3B2-4AE2-95DB-2AA234E42AFA}
2011-08-08 20:40:37 -------- d-----w- c:\users\yijun\appdata\local\{31371388-9DB7-4B23-A5E6-A4BD894852FD}
2011-08-08 20:40:33 -------- d-----w- c:\users\yijun\appdata\local\{F37AFE3C-30E6-4424-93C5-D587B165A2BF}
2011-08-08 20:40:30 -------- d-----w- c:\users\yijun\appdata\local\{486C401C-B114-48E1-8054-C6F4A28C2738}
2011-08-08 08:40:24 -------- d-----w- c:\users\yijun\appdata\local\{006B3659-0760-4ACC-B9AA-692152432226}
2011-08-08 08:40:19 -------- d-----w- c:\users\yijun\appdata\local\{AC9656BD-90FB-41E1-B662-40E299D3CD8A}
2011-08-07 20:40:08 -------- d-----w- c:\users\yijun\appdata\local\{F9663782-9B16-4886-B27E-453A603EEBC8}
2011-08-07 20:40:03 -------- d-----w- c:\users\yijun\appdata\local\{16F183E2-54BD-4696-9985-14B56C8B20D7}
2011-08-07 10:52:26 1847296 ----a-w- c:\program files\mozilla firefox\extensions\{1fb05c5e-4c04-0fa7-35fc-ee3707444fb9}\components\484ffcb1.dll
2011-08-07 08:39:36 -------- d-----w- c:\users\yijun\appdata\local\{E72764A7-C844-441F-91C3-F43BBEF20D7B}
2011-08-07 08:39:31 -------- d-----w- c:\users\yijun\appdata\local\{93289E09-24FD-4F34-8A4D-79F4C76510DC}
2011-08-06 20:38:18 -------- d-----w- c:\users\yijun\appdata\roaming\Rovio
2011-08-06 20:37:04 -------- d-----w- c:\program files\Rovio
2011-08-06 16:22:04 -------- d-----w- c:\users\yijun\appdata\local\{F2D053FF-B264-4CDE-B316-C7CE6F77281E}
2011-08-06 16:21:55 -------- d-----w- c:\users\yijun\appdata\local\{3F3341F9-D919-4D65-947B-06E4C1363B03}
2011-08-06 04:21:46 -------- d-----w- c:\users\yijun\appdata\local\{6442F503-247A-437D-B517-A740CC824B06}
2011-08-06 04:21:43 -------- d-----w- c:\users\yijun\appdata\local\{223244C0-12B8-4583-9B4E-E051AB6F1FCA}
2011-08-06 04:21:40 -------- d-----w- c:\users\yijun\appdata\local\{5A8C433A-2BA7-43A3-A7D8-E85A95ED8EC2}
2011-08-06 04:21:37 -------- d-----w- c:\users\yijun\appdata\local\{95235896-E383-4E4E-829B-F15648FA6F5B}
2011-08-05 16:21:29 -------- d-----w- c:\users\yijun\appdata\local\{CE2AB31B-0944-4D7F-A91C-4AA53272C10C}
2011-08-05 16:21:26 -------- d-----w- c:\users\yijun\appdata\local\{B2094896-A6F3-4BC2-85A4-207B007A8111}
2011-08-05 16:21:23 -------- d-----w- c:\users\yijun\appdata\local\{648D0A7F-D841-483E-8662-04267510A233}
2011-08-05 16:21:18 -------- d-----w- c:\users\yijun\appdata\local\{55C97CDF-2124-4BE8-9B9D-D6432823C41E}
2011-08-05 04:20:55 -------- d-----w- c:\users\yijun\appdata\local\{2065B93A-767D-4B7D-81C5-A7DA3B7813E9}
2011-08-05 04:20:52 -------- d-----w- c:\users\yijun\appdata\local\{F523C453-1154-4908-9F34-DC2A7A243F1F}
2011-08-05 04:20:49 -------- d-----w- c:\users\yijun\appdata\local\{E25B0714-07F5-4DC2-BA0B-F1CC9E69DDBA}
2011-08-05 04:20:46 -------- d-----w- c:\users\yijun\appdata\local\{B9AF0240-CD2A-4C15-92D2-1FCA0A4758DA}
2011-08-04 16:20:36 -------- d-----w- c:\users\yijun\appdata\local\{23F89E2B-FEA0-4D59-921D-3EF2C3AC31BB}
2011-08-04 16:20:29 -------- d-----w- c:\users\yijun\appdata\local\{4D2783D7-06F2-4117-AA6C-67AC5BEF98D8}
2011-08-04 16:20:20 -------- d-----w- c:\users\yijun\appdata\local\{D5B5CF58-28FB-4734-A474-A9672C51ADF8}
2011-08-04 04:20:02 -------- d-----w- c:\users\yijun\appdata\local\{4B2BA5B5-D056-46B5-B564-C3029B9F3765}
2011-08-04 04:19:58 -------- d-----w- c:\users\yijun\appdata\local\{08D76D3E-14C8-45F7-A71A-C24D673B73B9}
2011-08-03 16:19:43 -------- d-----w- c:\users\yijun\appdata\local\{D22E7B46-7D10-4951-B82E-B38D57093D13}
2011-08-03 16:19:39 -------- d-----w- c:\users\yijun\appdata\local\{31D68A27-2347-463C-8987-327FD3192BBF}
2011-08-03 16:19:31 -------- d-----w- c:\users\yijun\appdata\local\{1AB47632-3E54-489D-AFE8-A82EBBF90AB4}
2011-08-03 16:19:26 -------- d-----w- c:\users\yijun\appdata\local\{BB45EA57-E0B6-468D-A2D5-A69661F0ED28}
2011-08-03 04:19:19 -------- d-----w- c:\users\yijun\appdata\local\{24842044-D925-4658-ABED-B9F2587BC4F4}
2011-08-03 04:19:16 -------- d-----w- c:\users\yijun\appdata\local\{A590D310-5E01-4F2E-B0AA-3A91AEA80128}
2011-08-03 04:19:12 -------- d-----w- c:\users\yijun\appdata\local\{6A8CDE07-3F78-47A4-A481-0526FB19EDD3}
2011-08-03 04:19:09 -------- d-----w- c:\users\yijun\appdata\local\{B9F319C2-96AB-49BC-8B6A-E6F0DB8C5234}
2011-08-03 04:19:06 -------- d-----w- c:\users\yijun\appdata\local\{CDE933E8-6AD6-4209-B7A1-56947DBAAC51}
2011-08-03 04:14:28 -------- d-----w- c:\windows\en
2011-08-03 03:08:17 -------- d-----w- c:\users\yijun\appdata\local\{2A072681-073A-4385-AF65-90AB2C15B379}
2011-08-03 03:07:48 -------- d-----w- c:\users\yijun\appdata\local\{74A7AC1A-E740-4AF6-83F7-AC78CBD43AD6}
2011-08-02 07:11:02 -------- d-----w- c:\users\yijun\appdata\local\{560759C1-22A2-4401-9DCA-7A499C574C57}
2011-08-01 19:10:59 -------- d-----w- c:\users\yijun\appdata\local\{46298052-8A74-4350-AA38-BBC34B0C2F43}
2011-08-01 09:31:12 -------- d-----w- c:\program files\uTorrent
2011-08-01 09:30:42 -------- d-----w- c:\users\yijun\appdata\roaming\uTorrent
2011-08-01 09:30:42 -------- d-----w- c:\users\yijun\appdata\local\uTorrent
2011-08-01 07:10:54 -------- d-----w- c:\users\yijun\appdata\local\{D426D3D3-7BE9-4AF4-8F2D-7DBFEFD7560A}
2011-07-31 18:02:49 -------- d-----w- c:\users\yijun\appdata\local\{D4031DA7-79D8-49A1-8F57-B39F14D73AA6}
2011-07-31 06:02:33 -------- d-----w- c:\users\yijun\appdata\local\{73247AF1-9AAE-4183-B076-BAABBCCC56A7}
2011-07-30 17:40:54 -------- d-----w- c:\users\yijun\appdata\local\{2E13C9AB-99B6-48CD-8A34-EF4FFD0E0844}
2011-07-30 17:40:51 -------- d-----w- c:\users\yijun\appdata\local\{498A7216-0203-4843-96D8-604676F2A3BE}
2011-07-30 05:40:48 -------- d-----w- c:\users\yijun\appdata\local\{3C61FFC8-9E5F-4DA6-9A48-68E0784E9816}
2011-07-29 17:40:44 -------- d-----w- c:\users\yijun\appdata\local\{19328387-AD7C-4C5C-B3C0-9BDE484DBCF4}
2011-07-29 05:40:40 -------- d-----w- c:\users\yijun\appdata\local\{1BE96BAE-17A3-4D61-81BC-87F93E46C872}
2011-07-28 17:40:34 -------- d-----w- c:\users\yijun\appdata\local\{74C4A04B-6ECC-4005-82E4-82505BADEC66}
2011-07-28 05:40:16 -------- d-----w- c:\users\yijun\appdata\local\{FE422C31-9DE2-4076-AD31-4F38ED125CD6}
2011-07-27 17:40:12 -------- d-----w- c:\users\yijun\appdata\local\{022657D9-3481-46EB-8E83-56F4722DA17B}
2011-07-27 05:40:09 -------- d-----w- c:\users\yijun\appdata\local\{071AC8FF-1AA9-40BE-A33E-A844DC376574}
2011-07-26 17:39:59 -------- d-----w- c:\users\yijun\appdata\local\{7954422E-F946-4F07-A0CD-1F5D324BFA58}
2011-07-26 17:39:56 -------- d-----w- c:\users\yijun\appdata\local\{FFC0DE61-1EC2-4BD6-A595-0F86E3FB70A4}
2011-07-26 05:39:45 -------- d-----w- c:\users\yijun\appdata\local\{BF04394F-1079-4D6E-8A19-803A8761CB8C}
2011-07-26 05:39:41 -------- d-----w- c:\users\yijun\appdata\local\{414E2E35-F4A5-47BA-95CC-BB51B5281367}
2011-07-25 06:46:51 -------- d-----w- c:\users\yijun\appdata\local\{6927C032-2E59-464B-B003-328C2B379605}
2011-07-25 06:46:49 -------- d-----w- c:\users\yijun\appdata\local\{6E7745B1-C740-4AF6-BB5E-CF9780AA681F}
2011-07-24 18:46:40 -------- d-----w- c:\users\yijun\appdata\local\{6B0C458F-C95F-467E-8695-A4CEB943A1F3}
2011-07-24 18:46:37 -------- d-----w- c:\users\yijun\appdata\local\{E06B308E-BBB6-4248-9092-87CDFCB8414B}
2011-07-24 11:40:33 -------- d-----w- c:\program files\Yamb
2011-07-24 10:48:44 -------- d-----w- c:\users\yijun\appdata\local\www.dvbportal.de
2011-07-24 07:47:38 -------- d-----w- c:\program files\iPod
2011-07-24 06:46:26 -------- d-----w- c:\users\yijun\appdata\local\{4E731A5D-ADAA-4C28-840D-D8AAA8E89771}
2011-07-24 06:46:24 -------- d-----w- c:\users\yijun\appdata\local\{1347042D-804B-4D56-9778-6A28169929D7}
2011-07-23 18:46:13 -------- d-----w- c:\users\yijun\appdata\local\{32580961-72D7-446F-A073-34436628522B}
2011-07-23 18:46:09 -------- d-----w- c:\users\yijun\appdata\local\{99E22A85-C939-4A2E-87B8-5B2D26F3FC2A}
2011-07-23 07:06:35 -------- d-----w- c:\program files\Unlocker
2011-07-23 06:45:50 -------- d-----w- c:\users\yijun\appdata\local\{78D91BAB-8E9A-4F79-A72D-09EFAFDEA0DE}
2011-07-22 18:44:09 -------- d-----w- c:\users\yijun\appdata\local\{B9230AC0-3378-4EC7-9BE4-06E28FC85553}
2011-07-22 18:43:11 -------- d-----w- c:\users\yijun\appdata\local\{EF6C3B52-4514-4399-B26B-753B5EB51F0E}
2011-07-22 06:42:20 -------- d-----w- c:\users\yijun\appdata\local\{DB3D7CF5-2821-4C9E-B8ED-12C5283A848A}
2011-07-22 06:42:06 -------- d-----w- c:\users\yijun\appdata\local\{28EAA177-65F0-445F-96C4-AEDA794EABAA}
2011-07-21 18:01:35 -------- d-----w- c:\users\yijun\appdata\local\{30BB1E52-5872-45D7-A9C1-42BB4BE58508}
2011-07-21 06:01:26 -------- d-----w- c:\users\yijun\appdata\local\{B436938F-0EE1-475F-8CBD-04556B3C16D6}
2011-07-20 18:01:17 -------- d-----w- c:\users\yijun\appdata\local\{68C9B582-8709-4112-954F-B029C4412FE4}
2011-07-20 06:01:06 -------- d-----w- c:\users\yijun\appdata\local\{AA47ACED-9C93-4F63-83DF-E6ADF1D28323}
2011-07-20 06:00:47 -------- d-----w- c:\users\yijun\appdata\local\{3A32BD5E-C74F-4DA9-AF41-081AA7C95620}
2011-07-19 17:37:44 -------- d-----w- c:\users\yijun\appdata\local\{83C2105A-1B6E-4244-AD7C-343DBD37EF25}
2011-07-19 05:37:37 -------- d-----w- c:\users\yijun\appdata\local\{2CD71D70-A578-4AE1-9CBB-DD5CB3ADD1D2}
2011-07-18 17:37:30 -------- d-----w- c:\users\yijun\appdata\local\{7B0FED89-69A1-419B-A6F9-E8F1D86B95E3}
2011-07-18 17:37:19 -------- d-----w- c:\users\yijun\appdata\local\{214454FA-623A-4477-BC57-61F08B2B3137}
2011-07-18 05:36:56 -------- d-----w- c:\users\yijun\appdata\local\{EAFDED40-2237-4137-9502-DBB58C91D936}
2011-07-17 17:36:46 -------- d-----w- c:\users\yijun\appdata\local\{AD11E5C0-1E49-49A2-BAE7-1AEE5497CF04}
2011-07-17 17:36:43 -------- d-----w- c:\users\yijun\appdata\local\{3A6EC693-3F3C-49F2-B347-EF64216A1D79}
2011-07-17 05:36:23 -------- d-----w- c:\users\yijun\appdata\local\{46BEE05F-7211-49BF-A599-B447CAB9F07A}
2011-07-17 05:36:16 -------- d-----w- c:\users\yijun\appdata\local\{92262612-819F-43E5-9F70-4D0F3737683E}
2011-07-16 15:17:57 -------- d-----w- c:\users\yijun\appdata\local\{7F2035C1-DF8E-4CD3-A3DC-4D4BC432831E}
2011-07-16 15:17:54 -------- d-----w- c:\users\yijun\appdata\local\{945D87BD-F6A6-424E-83F9-C9E57A7963BA}
2011-07-16 03:17:45 -------- d-----w- c:\users\yijun\appdata\local\{53981ADF-26BC-454C-B54C-5AEA1638831F}
2011-07-16 03:17:42 -------- d-----w- c:\users\yijun\appdata\local\{DE291636-11C1-403A-9105-9DF39B677AB7}
2011-07-15 15:17:31 -------- d-----w- c:\users\yijun\appdata\local\{CE5FE771-EF43-4C54-88E3-213017AB87D4}
2011-07-15 15:17:29 -------- d-----w- c:\users\yijun\appdata\local\{271E9274-A21B-4150-8D0E-5C551A74B72F}
.
==================== Find3M ====================
.
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 03:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 03:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-05 10:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 10:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-26 02:22:50 11488 ----a-w- c:\windows\system32\METAbolt_applet.cpl
2011-06-17 07:02:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 11:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:06:27.45 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 8/7/2008 9:26:55 AM
System Uptime: 14/8/2011 10:25:28 PM (1 hours ago)
.
Motherboard: Acer | | Aspire 4930
Processor: Intel® Core™2 Duo CPU T9400 @ 2.53GHz | uPGA-478 | 1600/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 57.353 GiB free.
D: is FIXED (NTFS) - 140 GiB total, 79.338 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
???????2007
µTorrent
7-Zip 4.65
abcAVI
Acer Bio Protection
Acer Crystal Eye Webcam 3.0.5.1
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GridVista
Add or Remove Adobe Creative Suite 3 Master Collection
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.5 - CPSID_83708
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Agere Systems HDA Modem
AHV content for Acrobat and Flash
Alarm 2.0.4
Angry Birds
Angry Birds Rio
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AuthenTec Fingerprint Sensor Minimum Install
Brother MFL-Pro Suite
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CDisplay 1.8
CutePDF Writer 2.7
D3DX10
Digital Voice Editor 3
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Dropbox
DVD Decrypter (Remove Only)
FileZilla Client 3.5.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller
Juniper Networks Network Connect 6.0.0
Juniper Networks Network Connect 6.3.0
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
Launch Manager
Lexmark Software Uninstall
LightScribe 1.4.142.1
Little Fighter 2 version 2.0a
Lizardtech DjVu Control
Malwarebytes' Anti-Malware version 1.51.1.1800
Mega Bomberman
Messenger Plus! 5
METAbolt
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MKVtoolnix 4.4.0
Mozilla Firefox 5.0.1 (x86 en-GB)
MSVCRT
MuseScore 1.1 MuseScore score typesetter
No-IP.com DUC (remove only)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Control Panel 260.99
NVIDIA Graphics Driver 260.99
NVIDIA HD Audio Driver 1.1.9.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
OGA Notifier 2.0.0048.0
PC Wizard 2008.1.84
PDF Settings
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.89
SecondLifeViewer2 (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
Segoe UI
SF2 Splitter 1.1
sfArk
SFPack
Sony Ericsson PC Suite 3.209.00
Spelling Dictionaries Support For Adobe Reader 8
SQL Server System CLR Types
Synaptics Pointing Device Driver
System Requirements Lab
Trend Micro OfficeScan Client
Unlocker 1.9.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.4053
Viena
Vista Codec Package
VLC media player 1.1.7
VobSub v2.23 (Remove Only)
Windows Driver Package - ENE (enecir) HIDClass (01/23/2008 2.4.0.0)
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
x264vfw - H.264/MPEG-4 AVC codec (remove only)
.
==== Event Viewer Messages From Past Week ========
.
8/8/2011 2:29:21 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdRotator&threatid=1692 Scan ID: {BE9620F9-CBC7-4F8F-8C9C-FFF27C113AD3} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Adware:Win32/AdRotator ID: 1692 Severity ID: 4 Category ID: 1 Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
7/8/2011 6:53:50 PM, Error: Microsoft-Windows-Windows Defender [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdRotator&threatid=1692 Scan ID: {10340127-49E0-4566-9298-1FE272803D5C} User: YIJUN\Yijun Name: Adware:Win32/AdRotator ID: 1692 Severity ID: 4 Category ID: 1 Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
7/8/2011 11:36:10 PM, Error: Microsoft-Windows-Windows Defender [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AdRotator&threatid=1692 Scan ID: {1058AF82-A047-4289-B776-BD225651D325} User: YIJUN\Yijun Name: Adware:Win32/AdRotator ID: 1692 Severity ID: 4 Category ID: 1 Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/8/2011 9:44:09 PM, Error: EventLog [6008] - The previous system shutdown at 9:41:18 PM on 14/8/2011 was unexpected.
14/8/2011 9:32:13 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
14/8/2011 9:10:51 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
14/8/2011 9:03:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
14/8/2011 9:03:21 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/8/2011 9:03:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
14/8/2011 9:00:44 PM, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_013E1025&REV_00\4&742566f&0&04E4) disappeared from the system without first being prepared for removal.
14/8/2011 9:00:44 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_013E1025&REV_00\4&742566f&0&00E4) disappeared from the system without first being prepared for removal.
14/8/2011 9:00:44 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_013E1025&REV_00\4&742566f&0&02E4) disappeared from the system without first being prepared for removal.
14/8/2011 9:00:44 PM, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_013E1025&REV_00\4&742566f&0&03E4) disappeared from the system without first being prepared for removal.
14/8/2011 8:54:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lmab_device service to connect.
14/8/2011 8:54:24 PM, Error: Service Control Manager [7000] - The lmab_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/8/2011 8:54:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service lmab_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441075}
14/8/2011 8:51:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Mobile-based device connectivity service to connect.
14/8/2011 8:51:29 PM, Error: Service Control Manager [7000] - The Windows Mobile-based device connectivity service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/8/2011 8:51:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service RapiMgr with arguments "" in order to run the server: {ED081F25-6A77-4C89-B689-C6E15C582EC1}
14/8/2011 8:49:53 PM, Error: EventLog [6008] - The previous system shutdown at 8:48:30 PM on 14/8/2011 was unexpected.
14/8/2011 8:39:16 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0016EA5FBECC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
14/8/2011 8:35:37 PM, Error: EventLog [6008] - The previous system shutdown at 8:31:35 PM on 14/8/2011 was unexpected.
14/8/2011 8:28:41 PM, Error: EventLog [6008] - The previous system shutdown at 8:27:07 PM on 14/8/2011 was unexpected.
14/8/2011 7:48:18 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/8/2011 7:36:13 PM, Error: Service Control Manager [7034] - The NTI Backup Now 5 Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
14/8/2011 7:36:13 PM, Error: Service Control Manager [7034] - The iGroupTec Service service terminated unexpectedly. It has done this 1 time(s).
14/8/2011 5:58:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
14/8/2011 5:55:15 PM, Error: EventLog [6008] - The previous system shutdown at 5:53:20 PM on 14/8/2011 was unexpected.
14/8/2011 3:26:29 AM, Error: EventLog [6008] - The previous system shutdown at 3:22:50 AM on 14/8/2011 was unexpected.
14/8/2011 3:19:56 AM, Error: EventLog [6008] - The previous system shutdown at 3:14:27 AM on 14/8/2011 was unexpected.
14/8/2011 3:08:55 AM, Error: PlugPlayManager [12] - The device 'Intel® WiFi Link 5300 AGN' (PCI\VEN_8086&DEV_4235&SUBSYS_10018086&REV_00\4&24739fab&0&00E1) disappeared from the system without first being prepared for removal.
14/8/2011 10:59:10 PM, Error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
14/8/2011 10:25:58 PM, Error: Microsoft-Windows-TaskScheduler [412] - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.
14/8/2011 10:25:48 PM, Error: EventLog [6008] - The previous system shutdown at 10:24:33 PM on 14/8/2011 was unexpected.
14/8/2011 10:25:41 PM, Error: volmgr [46] - Crash dump initialization failed!
13/8/2011 1:32:28 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5B6E4B37-C9AB-4D32-8328-1A4B239A70. The master browser is stopping or an election is being forced.
12/8/2011 3:32:12 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer CutePDF Writer with shared resource name CutePDF Writer. Error 2114. The printer cannot be used by others on the network.
.
==== End Of File ===========================


GMER.log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-15 00:52:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C
Running: gmer.exe; Driver: C:\Users\Yijun\AppData\Local\Temp\agddrpog.sys


---- System - GMER 1.0.15 ----

INT 0x01 \??\C:\Users\Yijun\AppData\Local\Temp\mbr.sys A15DAC42

---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Yijun\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] USER32.dll!SetWindowLongA 77A3E7CD 5 Bytes JMP 6502F0D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] USER32.dll!SetWindowLongW 77A413B4 5 Bytes JMP 6502F069 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] USER32.dll!GetWindowInfo 77A4428E 5 Bytes JMP 64E456CB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3116] USER32.dll!TrackPopupMenu 77A514F3 5 Bytes JMP 64E45CE7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] kernel32.dll!FindResourceExA 776E260D 7 Bytes JMP 280A7630 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] kernel32.dll!FindResourceA 776E26EB 5 Bytes JMP 280A75A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] kernel32.dll!LockResource 77706AFF 5 Bytes JMP 280A77E0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] kernel32.dll!FindResourceExW 77706C1D 7 Bytes JMP 280A7520 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] kernel32.dll!LoadResource 77706CFB 7 Bytes JMP 280A76C0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] kernel32.dll!FindResourceW 777081C1 5 Bytes JMP 280A74A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] kernel32.dll!SizeofResource 777081DF 7 Bytes JMP 280A7770 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] kernel32.dll!CreateEventW 7770B87E 5 Bytes JMP 280A7080 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] ADVAPI32.dll!CryptDeriveKey 7613FCAE 7 Bytes JMP 280A67E0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] ADVAPI32.dll!CryptDecrypt 7613FE91 7 Bytes JMP 280A6840 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!CreateDialogParamW 77A372A2 2 Bytes JMP 280AC830 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!CreateDialogParamW + 3 77A372A5 2 Bytes [67, B0]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!SetWindowPlacement 77A37963 5 Bytes JMP 280AC6E0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!SetWindowRgn 77A3A221 7 Bytes JMP 280AC780 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!LoadImageW 77A3C9E5 5 Bytes JMP 280ACE80 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!LoadIconW 77A3DA9F 5 Bytes JMP 280AD000 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!CreateWindowExW 77A41305 5 Bytes JMP 280A8DC0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!GetWindowLongW 77A4F8BF 7 Bytes JMP 280AD130 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!PeekMessageW 77A5045A 5 Bytes JMP 280A9AA0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!TrackPopupMenuEx 77A60CE7 5 Bytes JMP 280AA1A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] USER32.dll!MessageBoxIndirectW 77A8D5D3 5 Bytes JMP 280ACA60 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] SHELL32.dll!Shell_NotifyIconW 76478642 5 Bytes JMP 280A8400 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] ole32.dll!CoRegisterClassObject 77587DBE 5 Bytes JMP 280A7B40 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] ole32.dll!CoCreateInstance 775C9F3E 5 Bytes JMP 280A7DC0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] ole32.dll!CoInitializeEx 775CADFB 5 Bytes JMP 280A7A40 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] WININET.dll!InternetCloseHandle 7710B7C4 5 Bytes JMP 280B0900 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] WININET.dll!InternetReadFile 7710EA3A 5 Bytes JMP 280B07C0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] WININET.dll!HttpOpenRequestA 77135539 5 Bytes JMP 280B0660 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4612] WININET.dll!HttpSendRequestA 77165768 5 Bytes JMP 280B0860 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5884] ntdll.dll!LdrLoadDll 778993A8 5 Bytes JMP 00FA1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1f61005
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1f61005@0024efdd8a98 0xF5 0x64 0x39 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1f61005@a4d1d22840ed 0xDE 0x87 0x39 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001fe1f61005 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001fe1f61005@0024efdd8a98 0xF5 0x64 0x39 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001fe1f61005@a4d1d22840ed 0xDE 0x87 0x39 0x76 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xD4 0xB3 0x6C 0x48 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{21BEB508-3CB9-23F5-A1A1-F91820FA2FB0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{21BEB508-3CB9-23F5-A1A1-F91820FA2FB0}@madhojcceaiblemnfafgjhgihp 0x6A 0x61 0x62 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{21BEB508-3CB9-23F5-A1A1-F91820FA2FB0}@nanheiabnobffkeggjpcejgdkbmg 0x6A 0x61 0x62 0x6A ...

---- EOF - GMER 1.0.15 ----


Thank you very much for your help.

Edited by tearsunderstars, 15 August 2011 - 06:18 AM.




#2 tearsunderstars
  • Topic Starter
  • Members
  • 13 posts

Posted 18 August 2011 - 05:24 AM

I'm sorry but I have to bump this. It seems that my query was ignored and will be buried in the depths of forum posts; I see that even newer posts with similar problems have been solved. Even if I were to be ignored, I'd like to know why. So sorry and thank you.

Edit: Alright, I'm really sorry for bumping this topic. I will wait then. Thank you orange blossom for clarifying.

Edited by tearsunderstars, 19 August 2011 - 04:16 AM.


#3 Orange Blossom
    OBleepin Investigator
  • Moderator
  • 36,842 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 18 August 2011 - 02:04 PM

I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have about 170 unanswered topics. About 15 of them are older than yours. The oldest is dated Aug. 13, 2011 at 5:17:16 p.m. Eastern Daylight Savings time in the U.S.A. Your log topic is dated August 14, 2011 at 1:05 PM using the same time zone.

Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take a couple more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 60,917 posts
  • Gender:Female
  • Location:Romania

Posted 19 August 2011 - 04:21 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft
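Elise's reply asks for a DDS log because its "Pseudo HJT Report" and FIREFOX sections list the startup entries, browser hooks, DNS settings and search preferences that a redirect hijacker typically changes. As an added example that is not part of the thread and not a tool the BleepingComputer helpers use, here is a small Python triage script that reads lines in DDS's format and flags the things a helper looks at first: orphaned "No File" add-on registrations, UAC switched off (EnableLUA = 0), autostart entries living in user-writable folders, DHCP-assigned DNS servers outside RFC 1918 / loopback, and a Firefox default search URL whose host does not match the engine the UI claims is selected. The sample log lines, hostnames, GUIDs and paths are constructed placeholders, and the severity ratings are this example's own heuristics.

```python
"""Triage of a DDS log's 'Pseudo HJT Report' and FIREFOX sections.

Added example for this thread, not the helpers' tooling.  The sample lines
below are constructed in the line format DDS emits; the hostnames, GUIDs and
paths in them are placeholders.  DDS writes URLs as hxxp:// so that logs
posted to a forum cannot be clicked.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample log (not taken from any post in the thread).
SAMPLE = r"""
uStart Page = about:blank
mStart Page = hxxp://www.example-oem.test/start
BHO: {11111111-2222-3333-4444-555555555555} - No File
BHO: Example Helper: {66666666-7777-8888-9999-000000000000} - c:\program files\example\helper.dll
TB: {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} - No File
uRun: [Updater] c:\users\someone\appdata\roaming\updater.exe
mRun: [New Value #1] "ctfmon"="CTFMON.EXE"
mPolicies-system: EnableLUA = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1 10.0.0.2
TCP: Interfaces\{12345678-1234-1234-1234-123456789012} : DhcpNameServer = 203.0.113.9
FF - prefs.js: browser.search.defaulturl - hxxp://search.hijack-example.test/results?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
"""

# RFC 1918 ranges plus loopback: DNS servers a home router / DHCP normally hands out.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Heuristic (this example's own): autostart binaries under these folders deserve a look.
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|programdata)\\", re.I)


def refang(url: str) -> str:
    """Undo DDS's hxxp:// defanging so the URL can be parsed."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.I)


def host_of(url: str) -> str:
    """Lower-cased hostname of a (possibly defanged) URL, or '' if none."""
    return (urlsplit(refang(url)).hostname or "").lower()


def triage(log_text: str) -> list[dict]:
    """Return a list of findings {severity, line, why} for DDS-formatted lines."""
    findings = []

    def add(severity, line, why):
        findings.append({"severity": severity, "line": line, "why": why})

    ff_default_url = None
    ff_engine = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # 1. Orphaned BHO / toolbar registrations: CLSID still registered, DLL gone.
        if line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            add("low", line, "orphaned browser add-on registration (remove the CLSID)")

        # 2. UAC disabled: HKLM ...\Policies\System\EnableLUA = 0 turns it off system-wide.
        elif line.startswith("mPolicies-system: EnableLUA = 0"):
            add("high", line, "UAC is disabled (EnableLUA = 0); malware commonly sets this")

        # 3. Autostart entries (uRun = per-user hive, mRun = machine hive).
        elif line.startswith(("uRun:", "mRun:")):
            if USER_WRITABLE.search(line):
                add("medium", line, "autostart binary in a user-writable location")
            elif re.match(r"mRun: \[New Value #\d+\]", line):
                add("medium", line, "unnamed 'New Value' autostart; not an installer default")

        # 4. DHCP-assigned DNS servers outside the LAN / loopback ranges.
        elif "DhcpNameServer =" in line:
            for ip_str in line.split("=", 1)[1].split():
                ip = ipaddress.ip_address(ip_str)
                if not any(ip in net for net in LOCAL_NETS):
                    add("info", line, f"DNS resolver {ip} is not a LAN address; confirm it is your ISP's")

        # 5. Firefox: remember the search URL actually configured and the engine the UI shows.
        elif line.startswith("FF - prefs.js: browser.search.defaulturl - "):
            ff_default_url = line.split(" - ", 2)[2]
        elif line.startswith("FF - prefs.js: browser.search.selectedEngine - "):
            ff_engine = line.split(" - ", 2)[2]

    # The two Firefox search preferences should agree on where a search goes.
    if ff_default_url and ff_engine:
        host = host_of(ff_default_url)
        if ff_engine.lower() not in host:
            add("high", ff_default_url,
                f"default search URL goes to {host} but the selected engine is {ff_engine}: search hijack")
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    for f in sorted(triage(SAMPLE), key=lambda f: order[f["severity"]]):
        print(f"[{f['severity']:6}] {f['why']}\n         {f['line']}")
```

Run as a script it prints the findings, most severe first. The point of the last check is that the two Firefox preferences should agree: when `browser.search.defaulturl` points at a host unrelated to `browser.search.selectedEngine`, something other than the user has edited the profile's search settings, and that, rather than the visible engine list, is where to look when searches land on an unexpected site.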


#5 tearsunderstars (Topic Starter)

  • Members
  • 13 posts

Posted 19 August 2011 - 06:57 AM

Dear Elise,

Thank you so much for helping me out. I'm very grateful and sorry for bumping the topic.

Right now, after several issues with my wireless (which has been erratically working and not working) and my computer hanging after a few clicks (which forced me to shut down hard), it seems that the Google Redirect Virus has mysteriously gone, as I'm no longer being redirected in my Google searches (for now). However, I still have one issue: when I search in Firefox or Internet Explorer, I'm still redirected to search.imesh.com as the search engine, although I don't want to be. I uninstalled iMesh a long time ago (never used it at all!). So I am presuming that some malware is still at work in my computer but is not detected. And also, I'm feeling somewhat insecure about no longer being redirected. This is because when I was still infected, I took every possible step to remove it (such as Malwarebytes, TDSSKiller, Combofix) but nothing seemed to be working, as I was still being redirected. After that I gave up on it and posted my problem here; I didn't take any extra steps to remove it. All that happened was that my computer kept hanging at certain times and the wireless stopped working at certain times. After several forced shut-downs (by pressing and holding the button), the virus seems to be gone, as I'm no longer redirected to "trafficlights.in" as shown above. But I can't really say that it's been resolved because I'm not sure what exactly happened.

Here's the DDS.txt

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Yijun at 19:30:13 on 2011-08-19
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.65.1033.18.3069.1458 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\brss01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\LMabcoms.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = local;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LMab1err] c:\program files\lexmark\errorapp\LMab1err.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12lite\imesc\IMSCMig.exe /INSTALL
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [New Value #1] “ctfmon”=”CTFMON.EXE”
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.169.34.181 203.120.90.40
TCP: Interfaces\{5B6E4B37-C9AB-4D32-8328-1A4B239A70AE} : DhcpNameServer = 192.169.34.181 203.120.90.40
TCP: Interfaces\{BB3C85C4-D5D3-4320-B1CD-A5F0C885CE07} : DhcpNameServer = 192.169.34.181 203.120.90.40
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\yijun\appdata\roaming\mozilla\firefox\profiles\60s2ewqp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-7-9 43184]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-4 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-22 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-7-9 3471360]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-13 366640]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2008-1-7 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2008-1-7 36432]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-5-22 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-5-22 84240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-13 22712]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-9 123496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-5-10 131456]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-5-10 79104]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-1-7 575064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-19 10:51:46 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8fcba61a-bd45-4fad-a6e8-417c489e702d}\mpengine.dll
2011-08-19 10:46:32 -------- d-----w- c:\users\yijun\appdata\local\{DEA455EA-91EE-4E53-A297-9E65FA5EF3AF}
2011-08-19 10:46:28 -------- d-----w- c:\users\yijun\appdata\local\{162422E1-F16C-4585-A98D-A2E8EB56B0EC}
2011-08-18 14:03:28 -------- d-----w- c:\program files\CCleaner
2011-08-18 12:00:47 -------- d-----w- c:\users\yijun\appdata\local\{E9849616-9560-4265-B2FC-3AFF4679B913}
2011-08-18 11:58:09 -------- d-----w- c:\users\yijun\appdata\local\{309EDD72-0A2A-4572-AE5C-38254E6193E8}
2011-08-18 11:49:27 -------- d-----w- c:\users\yijun\appdata\local\{0806A374-AEB0-44E6-9385-F243D3F099F4}
2011-08-18 11:45:56 -------- d-----w- c:\users\yijun\appdata\local\{6CFB87E0-420B-4727-B6DD-6BADF2709D98}
2011-08-17 15:43:31 -------- d-----w- c:\users\yijun\appdata\local\{D0EB108A-840A-4444-BCA8-ED3B22FD7DBA}
2011-08-17 15:43:25 -------- d-----w- c:\users\yijun\appdata\local\{E1572658-0C1A-4669-A53D-7EDB3E90A2D9}
2011-08-16 13:36:01 -------- d-----w- c:\users\yijun\appdata\local\{6ED97615-84B0-4E13-BC36-E7BF4F8BAC00}
2011-08-16 13:35:49 -------- d-----w- c:\users\yijun\appdata\local\{D292EA14-E613-4218-A8A2-0C08A578CB1C}
2011-08-16 13:35:45 -------- d-----w- c:\users\yijun\appdata\local\{F20ED470-0317-43ED-9A82-12CA463EE824}
2011-08-16 01:35:20 -------- d-----w- c:\users\yijun\appdata\local\{BAC7740E-4BD2-489B-ACA1-39F86B2EBE7B}
2011-08-16 01:35:14 -------- d-----w- c:\users\yijun\appdata\local\{33E74B2F-6021-4D4F-99E2-52ED952C4F28}
2011-08-16 01:35:10 -------- d-----w- c:\users\yijun\appdata\local\{2676698D-AA61-4EB8-BE90-EA18F4B1439A}
2011-08-15 14:32:50 -------- d-----w- c:\program files\Avidemux 2.5
2011-08-15 10:34:52 -------- d-----w- c:\users\yijun\appdata\local\{DF8E4E12-BD96-420A-BDC5-DC9CEA8A67F8}
2011-08-15 10:34:48 -------- d-----w- c:\users\yijun\appdata\local\{471D3368-E511-45AB-B32A-DC6E1AB1ABC6}
2011-08-14 16:18:19 -------- d-----w- c:\users\yijun\appdata\local\{CB52EC2A-95F0-46F7-91C6-73957AD9B6AB}
2011-08-14 16:18:16 -------- d-----w- c:\users\yijun\appdata\local\{99E98176-0296-4251-A7E3-AECF42BDCCA4}
2011-08-14 16:18:13 -------- d-----w- c:\users\yijun\appdata\local\{9332ABC6-508F-476C-A0D2-38C6D205DDC5}
2011-08-14 16:18:09 -------- d-----w- c:\users\yijun\appdata\local\{450F4FCB-08CC-4D51-BAE8-FE2CDE619233}
2011-08-14 12:00:04 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-14 10:24:41 -------- d-----w- c:\users\yijun\appdata\local\temp
2011-08-14 10:06:14 518144 ----a-w- c:\windows\SWREG.exe
2011-08-14 10:06:14 256000 ----a-w- c:\windows\PEV.exe
2011-08-14 10:06:14 208896 ----a-w- c:\windows\MBR.exe
2011-08-14 10:06:13 98816 ----a-w- c:\windows\sed.exe
2011-08-14 04:17:39 -------- d-----w- c:\users\yijun\appdata\local\{CF7201B0-6F39-4CC9-9C8A-81777BF66214}
2011-08-14 04:17:36 -------- d-----w- c:\users\yijun\appdata\local\{FF5991C9-6BC1-4C39-BC4C-89AB7E0AA059}
2011-08-14 04:17:33 -------- d-----w- c:\users\yijun\appdata\local\{0B30964C-6BC1-4530-952A-FBEDE4B680E6}
2011-08-14 04:17:29 -------- d-----w- c:\users\yijun\appdata\local\{524BF19D-D454-4D80-A64B-E9237039DF5A}
2011-08-13 16:16:56 -------- d-----w- c:\users\yijun\appdata\local\{94D6F31E-729B-4F3C-BE26-5E8899395F2C}
2011-08-13 16:16:52 -------- d-----w- c:\users\yijun\appdata\local\{0C837FD3-B3FB-4E14-975B-71901994AD2E}
2011-08-13 16:16:48 -------- d-----w- c:\users\yijun\appdata\local\{D0023B37-DCB6-4DB1-A4F1-9EEB3C2A50C9}
2011-08-13 16:16:43 -------- d-----w- c:\users\yijun\appdata\local\{F30813E6-E54A-4D3F-B87B-403D4F1648A4}
2011-08-13 07:43:52 -------- d-----w- c:\users\yijun\appdata\roaming\Malwarebytes
2011-08-13 07:43:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-13 07:43:44 -------- d-----w- c:\programdata\Malwarebytes
2011-08-13 07:43:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 07:43:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-13 04:16:33 -------- d-----w- c:\users\yijun\appdata\local\{52332B44-8C45-4121-AC1C-F575750433B4}
2011-08-13 04:16:30 -------- d-----w- c:\users\yijun\appdata\local\{2FF15E11-8BDE-4AE6-92CA-F6ADD833289B}
2011-08-13 04:16:22 -------- d-----w- c:\users\yijun\appdata\local\{C0BFADEC-3EF4-41E7-B278-8BA0F5DCF0A7}
2011-08-13 04:16:17 -------- d-----w- c:\users\yijun\appdata\local\{FDC6969E-19F6-4F72-BC6D-D5BA50E1BBD9}
2011-08-12 16:07:49 -------- d-----r- c:\users\yijun\Dropbox
2011-08-12 15:48:08 -------- d-----w- c:\users\yijun\appdata\local\{99F7C50F-2E45-494A-B6F7-8ADA50235E6F}
2011-08-12 15:47:58 -------- d-----w- c:\users\yijun\appdata\local\{1AEAC52B-2190-4AF5-998F-0A91D690313A}
2011-08-12 15:38:37 -------- d-----w- c:\users\yijun\appdata\local\{A4EF82FF-35EA-43E6-B278-1F9093D1E2F1}
2011-08-12 15:38:16 -------- d-----w- c:\users\yijun\appdata\local\{5D8D8A7B-C4BD-4677-AED1-0883C18F8933}
2011-08-11 15:27:07 -------- d-----w- c:\users\yijun\appdata\local\{ACE90E5F-4B15-4D78-BF21-42129F82327F}
2011-08-11 15:27:04 -------- d-----w- c:\users\yijun\appdata\local\{F496A9CD-849A-4B5F-9E37-91848095EDA3}
2011-08-11 15:27:00 -------- d-----w- c:\users\yijun\appdata\local\{2F6C992E-F2B4-4FCC-8978-AE095EACFB3C}
2011-08-11 15:26:56 -------- d-----w- c:\users\yijun\appdata\local\{B94FA948-358E-42FB-9CE0-C3F05E7E8EE0}
2011-08-11 15:26:52 -------- d-----w- c:\users\yijun\appdata\local\{A8D4A841-FB0D-4C32-85B3-68B0E1E260E4}
2011-08-11 03:43:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 03:43:01 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 03:42:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-11 03:41:03 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 03:41:03 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 03:40:56 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 03:26:21 -------- d-----w- c:\users\yijun\appdata\local\{A6CAF4E2-97DB-4748-8D56-D1AF1B1ABE1C}
2011-08-11 03:26:11 -------- d-----w- c:\users\yijun\appdata\local\{CC1DD09D-C405-430D-85AC-50797DA5D3F1}
2011-08-11 03:26:08 -------- d-----w- c:\users\yijun\appdata\local\{FC5B9583-A08C-49AE-92D3-76592B15B433}
2011-08-11 03:26:04 -------- d-----w- c:\users\yijun\appdata\local\{9D1A5935-E747-4C55-80BA-672871B1C3C6}
2011-08-11 03:26:01 -------- d-----w- c:\users\yijun\appdata\local\{2B8996BE-3198-4272-94B0-74558E60E912}
2011-08-11 03:25:55 -------- d-----w- c:\users\yijun\appdata\local\{2014BFF1-0D32-4FF1-B14C-0B228D30AF8E}
2011-08-10 14:33:03 -------- d-----w- c:\users\yijun\appdata\local\{B7F13025-73A1-4277-8C6F-441A3745B651}
2011-08-10 14:32:59 -------- d-----w- c:\users\yijun\appdata\local\{0F614298-C67B-4536-A95F-7CE75759B825}
2011-08-10 14:32:55 -------- d-----w- c:\users\yijun\appdata\local\{E21C7DAB-B830-4C8D-B679-A42794F96B7D}
2011-08-10 14:32:51 -------- d-----w- c:\users\yijun\appdata\local\{85ADBC83-A1CB-4F9C-B118-1F8CC090CBE3}
2011-08-10 14:32:44 -------- d-----w- c:\users\yijun\appdata\local\{3231B3F0-04F4-4F0F-BCE6-B4AF1CAC8D13}
2011-08-10 14:32:40 -------- d-----w- c:\users\yijun\appdata\local\{D5A95D9A-381E-4A9F-9EF1-A4AC6E8B3ED1}
2011-08-10 02:13:02 -------- d-----w- c:\users\yijun\appdata\local\{E1CE8E9C-7DA9-4C21-A06F-A1A0FC0F01ED}
2011-08-10 02:12:58 -------- d-----w- c:\users\yijun\appdata\local\{ACF36C2C-49C8-40A0-BA4E-E1CCCDBAD5DC}
2011-08-10 02:12:55 -------- d-----w- c:\users\yijun\appdata\local\{FCAB0952-7B3B-4D11-AA51-02CA77389BDC}
2011-08-10 02:12:51 -------- d-----w- c:\users\yijun\appdata\local\{7EB12446-9B2E-4001-8FFC-F2C0536D26CB}
2011-08-10 02:12:46 -------- d-----w- c:\users\yijun\appdata\local\{31013F7B-1A58-4C82-99A8-85B0F30272D8}
2011-08-10 02:12:37 -------- d-----w- c:\users\yijun\appdata\local\{137E1918-76E0-4CDD-8983-4E946E7AE0F8}
2011-08-09 08:40:52 -------- d-----w- c:\users\yijun\appdata\local\{3F2F6072-03E0-4435-8AC1-CF475867D25C}
2011-08-09 08:40:49 -------- d-----w- c:\users\yijun\appdata\local\{A81DB035-A3AA-494C-B201-542FEB34D17B}
2011-08-09 08:40:47 -------- d-----w- c:\users\yijun\appdata\local\{92B9FFF7-8F68-4A8A-80E1-2A86565BE149}
2011-08-09 08:40:44 -------- d-----w- c:\users\yijun\appdata\local\{0806D310-A3B2-4AE2-95DB-2AA234E42AFA}
2011-08-08 20:40:37 -------- d-----w- c:\users\yijun\appdata\local\{31371388-9DB7-4B23-A5E6-A4BD894852FD}
2011-08-08 20:40:33 -------- d-----w- c:\users\yijun\appdata\local\{F37AFE3C-30E6-4424-93C5-D587B165A2BF}
2011-08-08 20:40:30 -------- d-----w- c:\users\yijun\appdata\local\{486C401C-B114-48E1-8054-C6F4A28C2738}
2011-08-08 08:40:24 -------- d-----w- c:\users\yijun\appdata\local\{006B3659-0760-4ACC-B9AA-692152432226}
2011-08-08 08:40:19 -------- d-----w- c:\users\yijun\appdata\local\{AC9656BD-90FB-41E1-B662-40E299D3CD8A}
2011-08-07 20:40:08 -------- d-----w- c:\users\yijun\appdata\local\{F9663782-9B16-4886-B27E-453A603EEBC8}
2011-08-07 20:40:03 -------- d-----w- c:\users\yijun\appdata\local\{16F183E2-54BD-4696-9985-14B56C8B20D7}
2011-08-07 08:39:36 -------- d-----w- c:\users\yijun\appdata\local\{E72764A7-C844-441F-91C3-F43BBEF20D7B}
2011-08-07 08:39:31 -------- d-----w- c:\users\yijun\appdata\local\{93289E09-24FD-4F34-8A4D-79F4C76510DC}
2011-08-06 20:38:18 -------- d-----w- c:\users\yijun\appdata\roaming\Rovio
2011-08-06 20:37:04 -------- d-----w- c:\program files\Rovio
2011-08-06 16:22:04 -------- d-----w- c:\users\yijun\appdata\local\{F2D053FF-B264-4CDE-B316-C7CE6F77281E}
2011-08-06 16:21:55 -------- d-----w- c:\users\yijun\appdata\local\{3F3341F9-D919-4D65-947B-06E4C1363B03}
2011-08-06 04:21:46 -------- d-----w- c:\users\yijun\appdata\local\{6442F503-247A-437D-B517-A740CC824B06}
2011-08-06 04:21:43 -------- d-----w- c:\users\yijun\appdata\local\{223244C0-12B8-4583-9B4E-E051AB6F1FCA}
2011-08-06 04:21:40 -------- d-----w- c:\users\yijun\appdata\local\{5A8C433A-2BA7-43A3-A7D8-E85A95ED8EC2}
2011-08-06 04:21:37 -------- d-----w- c:\users\yijun\appdata\local\{95235896-E383-4E4E-829B-F15648FA6F5B}
2011-08-05 16:21:29 -------- d-----w- c:\users\yijun\appdata\local\{CE2AB31B-0944-4D7F-A91C-4AA53272C10C}
2011-08-05 16:21:26 -------- d-----w- c:\users\yijun\appdata\local\{B2094896-A6F3-4BC2-85A4-207B007A8111}
2011-08-05 16:21:23 -------- d-----w- c:\users\yijun\appdata\local\{648D0A7F-D841-483E-8662-04267510A233}
2011-08-05 16:21:18 -------- d-----w- c:\users\yijun\appdata\local\{55C97CDF-2124-4BE8-9B9D-D6432823C41E}
2011-08-05 04:20:55 -------- d-----w- c:\users\yijun\appdata\local\{2065B93A-767D-4B7D-81C5-A7DA3B7813E9}
2011-08-05 04:20:52 -------- d-----w- c:\users\yijun\appdata\local\{F523C453-1154-4908-9F34-DC2A7A243F1F}
2011-08-05 04:20:49 -------- d-----w- c:\users\yijun\appdata\local\{E25B0714-07F5-4DC2-BA0B-F1CC9E69DDBA}
2011-08-05 04:20:46 -------- d-----w- c:\users\yijun\appdata\local\{B9AF0240-CD2A-4C15-92D2-1FCA0A4758DA}
2011-08-04 16:20:36 -------- d-----w- c:\users\yijun\appdata\local\{23F89E2B-FEA0-4D59-921D-3EF2C3AC31BB}
2011-08-04 16:20:29 -------- d-----w- c:\users\yijun\appdata\local\{4D2783D7-06F2-4117-AA6C-67AC5BEF98D8}
2011-08-04 16:20:20 -------- d-----w- c:\users\yijun\appdata\local\{D5B5CF58-28FB-4734-A474-A9672C51ADF8}
2011-08-04 04:20:02 -------- d-----w- c:\users\yijun\appdata\local\{4B2BA5B5-D056-46B5-B564-C3029B9F3765}
2011-08-04 04:19:58 -------- d-----w- c:\users\yijun\appdata\local\{08D76D3E-14C8-45F7-A71A-C24D673B73B9}
2011-08-03 16:19:43 -------- d-----w- c:\users\yijun\appdata\local\{D22E7B46-7D10-4951-B82E-B38D57093D13}
2011-08-03 16:19:39 -------- d-----w- c:\users\yijun\appdata\local\{31D68A27-2347-463C-8987-327FD3192BBF}
2011-08-03 16:19:31 -------- d-----w- c:\users\yijun\appdata\local\{1AB47632-3E54-489D-AFE8-A82EBBF90AB4}
2011-08-03 16:19:26 -------- d-----w- c:\users\yijun\appdata\local\{BB45EA57-E0B6-468D-A2D5-A69661F0ED28}
2011-08-03 04:19:19 -------- d-----w- c:\users\yijun\appdata\local\{24842044-D925-4658-ABED-B9F2587BC4F4}
2011-08-03 04:19:16 -------- d-----w- c:\users\yijun\appdata\local\{A590D310-5E01-4F2E-B0AA-3A91AEA80128}
2011-08-03 04:19:12 -------- d-----w- c:\users\yijun\appdata\local\{6A8CDE07-3F78-47A4-A481-0526FB19EDD3}
2011-08-03 04:19:09 -------- d-----w- c:\users\yijun\appdata\local\{B9F319C2-96AB-49BC-8B6A-E6F0DB8C5234}
2011-08-03 04:19:06 -------- d-----w- c:\users\yijun\appdata\local\{CDE933E8-6AD6-4209-B7A1-56947DBAAC51}
2011-08-03 04:14:28 -------- d-----w- c:\windows\en
2011-08-03 03:08:17 -------- d-----w- c:\users\yijun\appdata\local\{2A072681-073A-4385-AF65-90AB2C15B379}
2011-08-03 03:07:48 -------- d-----w- c:\users\yijun\appdata\local\{74A7AC1A-E740-4AF6-83F7-AC78CBD43AD6}
2011-08-02 07:11:02 -------- d-----w- c:\users\yijun\appdata\local\{560759C1-22A2-4401-9DCA-7A499C574C57}
2011-08-01 19:10:59 -------- d-----w- c:\users\yijun\appdata\local\{46298052-8A74-4350-AA38-BBC34B0C2F43}
2011-08-01 09:31:12 -------- d-----w- c:\program files\uTorrent
2011-08-01 09:30:42 -------- d-----w- c:\users\yijun\appdata\roaming\uTorrent
2011-08-01 09:30:42 -------- d-----w- c:\users\yijun\appdata\local\uTorrent
2011-08-01 07:10:54 -------- d-----w- c:\users\yijun\appdata\local\{D426D3D3-7BE9-4AF4-8F2D-7DBFEFD7560A}
2011-07-31 18:02:49 -------- d-----w- c:\users\yijun\appdata\local\{D4031DA7-79D8-49A1-8F57-B39F14D73AA6}
2011-07-31 06:02:33 -------- d-----w- c:\users\yijun\appdata\local\{73247AF1-9AAE-4183-B076-BAABBCCC56A7}
2011-07-30 17:40:54 -------- d-----w- c:\users\yijun\appdata\local\{2E13C9AB-99B6-48CD-8A34-EF4FFD0E0844}
2011-07-30 17:40:51 -------- d-----w- c:\users\yijun\appdata\local\{498A7216-0203-4843-96D8-604676F2A3BE}
2011-07-30 05:40:48 -------- d-----w- c:\users\yijun\appdata\local\{3C61FFC8-9E5F-4DA6-9A48-68E0784E9816}
2011-07-29 17:40:44 -------- d-----w- c:\users\yijun\appdata\local\{19328387-AD7C-4C5C-B3C0-9BDE484DBCF4}
2011-07-29 05:40:40 -------- d-----w- c:\users\yijun\appdata\local\{1BE96BAE-17A3-4D61-81BC-87F93E46C872}
2011-07-28 17:40:34 -------- d-----w- c:\users\yijun\appdata\local\{74C4A04B-6ECC-4005-82E4-82505BADEC66}
2011-07-28 05:40:16 -------- d-----w- c:\users\yijun\appdata\local\{FE422C31-9DE2-4076-AD31-4F38ED125CD6}
2011-07-27 17:40:12 -------- d-----w- c:\users\yijun\appdata\local\{022657D9-3481-46EB-8E83-56F4722DA17B}
2011-07-27 05:40:09 -------- d-----w- c:\users\yijun\appdata\local\{071AC8FF-1AA9-40BE-A33E-A844DC376574}
2011-07-26 17:39:59 -------- d-----w- c:\users\yijun\appdata\local\{7954422E-F946-4F07-A0CD-1F5D324BFA58}
2011-07-26 17:39:56 -------- d-----w- c:\users\yijun\appdata\local\{FFC0DE61-1EC2-4BD6-A595-0F86E3FB70A4}
2011-07-26 05:39:45 -------- d-----w- c:\users\yijun\appdata\local\{BF04394F-1079-4D6E-8A19-803A8761CB8C}
2011-07-26 05:39:41 -------- d-----w- c:\users\yijun\appdata\local\{414E2E35-F4A5-47BA-95CC-BB51B5281367}
2011-07-25 06:46:51 -------- d-----w- c:\users\yijun\appdata\local\{6927C032-2E59-464B-B003-328C2B379605}
2011-07-25 06:46:49 -------- d-----w- c:\users\yijun\appdata\local\{6E7745B1-C740-4AF6-BB5E-CF9780AA681F}
2011-07-24 18:46:40 -------- d-----w- c:\users\yijun\appdata\local\{6B0C458F-C95F-467E-8695-A4CEB943A1F3}
2011-07-24 18:46:37 -------- d-----w- c:\users\yijun\appdata\local\{E06B308E-BBB6-4248-9092-87CDFCB8414B}
2011-07-24 11:40:33 -------- d-----w- c:\program files\Yamb
2011-07-24 10:48:44 -------- d-----w- c:\users\yijun\appdata\local\www.dvbportal.de
2011-07-24 07:47:38 -------- d-----w- c:\program files\iPod
2011-07-24 06:46:26 -------- d-----w- c:\users\yijun\appdata\local\{4E731A5D-ADAA-4C28-840D-D8AAA8E89771}
2011-07-24 06:46:24 -------- d-----w- c:\users\yijun\appdata\local\{1347042D-804B-4D56-9778-6A28169929D7}
2011-07-23 18:46:13 -------- d-----w- c:\users\yijun\appdata\local\{32580961-72D7-446F-A073-34436628522B}
2011-07-23 18:46:09 -------- d-----w- c:\users\yijun\appdata\local\{99E22A85-C939-4A2E-87B8-5B2D26F3FC2A}
2011-07-23 07:06:35 -------- d-----w- c:\program files\Unlocker
2011-07-23 06:45:50 -------- d-----w- c:\users\yijun\appdata\local\{78D91BAB-8E9A-4F79-A72D-09EFAFDEA0DE}
2011-07-22 18:44:09 -------- d-----w- c:\users\yijun\appdata\local\{B9230AC0-3378-4EC7-9BE4-06E28FC85553}
2011-07-22 18:43:11 -------- d-----w- c:\users\yijun\appdata\local\{EF6C3B52-4514-4399-B26B-753B5EB51F0E}
2011-07-22 06:42:20 -------- d-----w- c:\users\yijun\appdata\local\{DB3D7CF5-2821-4C9E-B8ED-12C5283A848A}
2011-07-22 06:42:06 -------- d-----w- c:\users\yijun\appdata\local\{28EAA177-65F0-445F-96C4-AEDA794EABAA}
2011-07-21 18:01:35 -------- d-----w- c:\users\yijun\appdata\local\{30BB1E52-5872-45D7-A9C1-42BB4BE58508}
2011-07-21 06:01:26 -------- d-----w- c:\users\yijun\appdata\local\{B436938F-0EE1-475F-8CBD-04556B3C16D6}
2011-07-20 18:01:17 -------- d-----w- c:\users\yijun\appdata\local\{68C9B582-8709-4112-954F-B029C4412FE4}
.
==================== Find3M ====================
.
2011-08-19 10:46:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 03:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 03:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-05 10:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 10:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-26 02:22:50 11488 ----a-w- c:\windows\system32\METAbolt_applet.cpl
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 11:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 19:31:29.51 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 8/7/2008 9:26:55 AM
System Uptime: 19/8/2011 6:43:09 PM (1 hours ago)
.
Motherboard: Acer | | Aspire 4930
Processor: Intel® Core™2 Duo CPU T9400 @ 2.53GHz | uPGA-478 | 2533/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 61.025 GiB free.
D: is FIXED (NTFS) - 140 GiB total, 74.713 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 794.388 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
???????2007
µTorrent
7-Zip 4.65
abcAVI
Acer Bio Protection
Acer Crystal Eye Webcam 3.0.5.1
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GridVista
Add or Remove Adobe Creative Suite 3 Master Collection
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.5 - CPSID_83708
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Agere Systems HDA Modem
AHV content for Acrobat and Flash
Alarm 2.0.4
Angry Birds
Angry Birds Rio
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AuthenTec Fingerprint Sensor Minimum Install
Avidemux 2.5 (32-bit)
Brother MFL-Pro Suite
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CDisplay 1.8
CutePDF Writer 2.7
D3DX10
Digital Voice Editor 3
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Dropbox
DVD Decrypter (Remove Only)
FileZilla Client 3.5.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller
Juniper Networks Network Connect 6.0.0
Juniper Networks Network Connect 6.3.0
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
Launch Manager
Lexmark Software Uninstall
LightScribe 1.4.142.1
Little Fighter 2 version 2.0a
Lizardtech DjVu Control
Malwarebytes' Anti-Malware version 1.51.1.1800
Mega Bomberman
Messenger Plus! 5
METAbolt
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
mIRC
MKVtoolnix 4.4.0
Mozilla Firefox 6.0 (x86 en-GB)
MSVCRT
MuseScore 1.1 MuseScore score typesetter
No-IP.com DUC (remove only)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Control Panel 260.99
NVIDIA Graphics Driver 260.99
NVIDIA HD Audio Driver 1.1.9.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
OGA Notifier 2.0.0048.0
PC Wizard 2008.1.84
PDF Settings
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.89
SecondLifeViewer2 (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
Segoe UI
SF2 Splitter 1.1
sfArk
SFPack
Sony Ericsson PC Suite 3.209.00
Spelling Dictionaries Support For Adobe Reader 8
SQL Server System CLR Types
Synaptics Pointing Device Driver
System Requirements Lab
Trend Micro OfficeScan Client
Unlocker 1.9.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.4053
Viena
Vista Codec Package
VLC media player 1.1.7
VobSub v2.23 (Remove Only)
Windows Driver Package - ENE (enecir) HIDClass (01/23/2008 2.4.0.0)
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
x264vfw - H.264/MPEG-4 AVC codec (remove only)
.
==== Event Viewer Messages From Past Week ========
.
19/8/2011 7:25:52 PM, Error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
19/8/2011 6:43:39 PM, Error: Microsoft-Windows-TaskScheduler [412] - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.
19/8/2011 6:43:34 PM, Error: volmgr [46] - Crash dump initialization failed!
18/8/2011 9:50:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the OfficeScan NT Listener service to connect.
18/8/2011 9:50:35 PM, Error: Service Control Manager [7000] - The OfficeScan NT Listener service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/8/2011 9:46:27 PM, Error: EventLog [6008] - The previous system shutdown at 9:43:39 PM on 18/8/2011 was unexpected.
18/8/2011 9:40:45 PM, Error: EventLog [6008] - The previous system shutdown at 9:39:16 PM on 18/8/2011 was unexpected.
18/8/2011 8:03:22 PM, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_013E1025&REV_00\4&742566f&0&04E4) disappeared from the system without first being prepared for removal.
18/8/2011 8:03:22 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_013E1025&REV_00\4&742566f&0&00E4) disappeared from the system without first being prepared for removal.
18/8/2011 8:03:22 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_013E1025&REV_00\4&742566f&0&02E4) disappeared from the system without first being prepared for removal.
18/8/2011 8:03:22 PM, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_013E1025&REV_00\4&742566f&0&03E4) disappeared from the system without first being prepared for removal.
18/8/2011 7:45:47 PM, Error: PlugPlayManager [12] - The device 'Intel® WiFi Link 5300 AGN' (PCI\VEN_8086&DEV_4235&SUBSYS_10018086&REV_00\4&24739fab&0&00E1) disappeared from the system without first being prepared for removal.
17/8/2011 11:40:44 PM, Error: EventLog [6008] - The previous system shutdown at 11:38:07 PM on 17/8/2011 was unexpected.
16/8/2011 5:55:36 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5B6E4B37-C9AB-4D32-8328-1A4B239A70. The master browser is stopping or an election is being forced.
15/8/2011 6:32:18 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
15/8/2011 6:32:01 PM, Error: EventLog [6008] - The previous system shutdown at 6:29:45 PM on 15/8/2011 was unexpected.
14/8/2011 9:44:09 PM, Error: EventLog [6008] - The previous system shutdown at 9:41:18 PM on 14/8/2011 was unexpected.
14/8/2011 9:32:13 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
14/8/2011 9:10:51 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
14/8/2011 9:03:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
14/8/2011 9:03:21 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/8/2011 9:03:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
14/8/2011 8:54:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lmab_device service to connect.
14/8/2011 8:54:24 PM, Error: Service Control Manager [7000] - The lmab_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/8/2011 8:54:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service lmab_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441075}
14/8/2011 8:51:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Mobile-based device connectivity service to connect.
14/8/2011 8:51:29 PM, Error: Service Control Manager [7000] - The Windows Mobile-based device connectivity service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/8/2011 8:51:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service RapiMgr with arguments "" in order to run the server: {ED081F25-6A77-4C89-B689-C6E15C582EC1}
14/8/2011 8:49:53 PM, Error: EventLog [6008] - The previous system shutdown at 8:48:30 PM on 14/8/2011 was unexpected.
14/8/2011 8:39:16 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0016EA5FBECC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
14/8/2011 8:35:37 PM, Error: EventLog [6008] - The previous system shutdown at 8:31:35 PM on 14/8/2011 was unexpected.
14/8/2011 8:28:41 PM, Error: EventLog [6008] - The previous system shutdown at 8:27:07 PM on 14/8/2011 was unexpected.
14/8/2011 7:48:18 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/8/2011 7:36:13 PM, Error: Service Control Manager [7034] - The NTI Backup Now 5 Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
14/8/2011 7:36:13 PM, Error: Service Control Manager [7034] - The iGroupTec Service service terminated unexpectedly. It has done this 1 time(s).
14/8/2011 5:58:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
14/8/2011 5:55:15 PM, Error: EventLog [6008] - The previous system shutdown at 5:53:20 PM on 14/8/2011 was unexpected.
14/8/2011 3:26:29 AM, Error: EventLog [6008] - The previous system shutdown at 3:22:50 AM on 14/8/2011 was unexpected.
14/8/2011 3:19:56 AM, Error: EventLog [6008] - The previous system shutdown at 3:14:27 AM on 14/8/2011 was unexpected.
14/8/2011 10:25:48 PM, Error: EventLog [6008] - The previous system shutdown at 10:24:33 PM on 14/8/2011 was unexpected.
12/8/2011 3:32:12 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer CutePDF Writer with shared resource name CutePDF Writer. Error 2114. The printer cannot be used by others on the network.
.
==== End Of File ===========================



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,917 posts
  • Gender:Female
  • Location:Romania

Posted 19 August 2011 - 07:57 AM

Please post me also the combofix log. It will be located at c:\combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#7 tearsunderstars

tearsunderstars
  • Topic Starter

  • Members
  • 13 posts

Posted 19 August 2011 - 08:25 AM

Dear Elise,

Here's the Combofix.txt of the last Combofix run. Thank you.

ComboFix 11-08-14.02 - Yijun 14/08/2011 19:36:24.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.65.1033.18.3069.1617 [GMT 8:00]
Running from: c:\users\Yijun\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 11:48 . 2011-08-14 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-14 10:24 . 2011-08-14 11:48 -------- d-----w- c:\users\Yijun\AppData\Local\temp
2011-08-13 07:43 . 2011-08-13 07:43 -------- d-----w- c:\users\Yijun\AppData\Roaming\Malwarebytes
2011-08-13 07:43 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-13 07:43 . 2011-08-13 07:43 -------- d-----w- c:\programdata\Malwarebytes
2011-08-13 07:43 . 2011-08-13 07:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-13 07:43 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 16:07 . 2011-08-14 11:16 -------- d-----r- c:\users\Yijun\Dropbox
2011-08-12 15:56 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{742126F2-EF47-4D7C-B7A8-0C1DC435E3CA}\mpengine.dll
2011-08-11 03:43 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 03:43 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 03:42 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-11 03:41 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 03:41 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 03:40 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-07 10:52 . 2011-07-19 09:11 1847296 ----a-w- c:\program files\Mozilla Firefox\extensions\{1fb05c5e-4c04-0fa7-35fc-ee3707444fb9}\components\484ffcb1.dll
2011-08-06 20:38 . 2011-08-06 21:07 -------- d-----w- c:\users\Yijun\AppData\Roaming\Rovio
2011-08-06 20:37 . 2011-08-07 10:01 -------- d-----w- c:\program files\Rovio
2011-08-03 04:14 . 2011-08-13 19:11 -------- d-----w- c:\windows\en
2011-08-01 09:31 . 2011-08-01 09:31 -------- d-----w- c:\program files\uTorrent
2011-08-01 09:30 . 2011-08-07 19:27 -------- d-----w- c:\users\Yijun\AppData\Roaming\uTorrent
2011-08-01 09:30 . 2011-08-01 09:30 -------- d-----w- c:\users\Yijun\AppData\Local\uTorrent
2011-07-24 11:40 . 2011-07-24 11:56 -------- d-----w- c:\program files\Yamb
2011-07-24 10:48 . 2011-07-24 10:50 -------- d-----w- c:\users\Yijun\AppData\Local\www.dvbportal.de
2011-07-24 07:47 . 2011-07-24 07:47 -------- d-----w- c:\program files\iPod
2011-07-23 07:06 . 2011-07-23 07:09 -------- d-----w- c:\program files\Unlocker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 04:09 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-12 03:20 . 2011-07-12 03:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 03:20 . 2011-07-12 03:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-05 10:37 . 2011-07-05 10:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 10:37 . 2011-07-05 10:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-26 02:22 . 2011-06-26 02:22 11488 ----a-w- c:\windows\system32\METAbolt_applet.cpl
2011-06-17 07:02 . 2011-05-24 13:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 19:13 . 2009-05-24 20:59 112640 ----a-w- c:\programdata\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2011-06-16 19:12 . 2009-05-24 20:59 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-06-02 13:34 . 2011-07-13 10:40 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 11:14 . 2009-10-02 18:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-08 07:31 . 2011-08-14 09:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-07-04 02:33 . 2009-01-24 13:52 24576 ----a-w- c:\program files\mozilla firefox\components\CheckTudouVa.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yijun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yijun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yijun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Yijun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.EXE" [2007-05-11 713648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"New Value #1"="“ctfmon”=”CTFMON.EXE”" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 710000]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\ime12lite\imesc\IMSCMig.exe" [2008-04-11 38432]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-08 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-23 114688]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\Yijun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Yijun\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-08 18:35 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ imsc12li.ime
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Yijun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Yijun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 10:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-06-07 12:54 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 13:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-05-09 21:07 397312 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 10:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-02 18:36 850440 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-06 11:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 17:56 200704 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 10:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SolidWorks_CheckForUpdates]
2009-03-19 23:30 7308584 ----a-w- c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2744448555-1961322237-481579980-1000]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2744448555-1961322237-481579980-500]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-07-08 3471360]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [x]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2009-03-10 131456]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-01-07 575064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-08 43184]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2010-10-20 249424]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreFlt.sys [2010-10-20 36432]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-16 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = local;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.169.34.181 203.120.90.40
FF - ProfilePath - c:\users\Yijun\AppData\Roaming\Mozilla\Firefox\Profiles\60s2ewqp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 19:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2744448555-1961322237-481579980-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{21BEB508-3CB9-23F5-A1A1-F91820FA2FB0}*]
"madhojcceaiblemnfafgjhgihp"=hex:6a,61,62,6a,67,6f,63,69,6b,6d,61,61,6b,6e,6b,
65,6f,66,70,69,00,f5
"nanheiabnobffkeggjpcejgdkbmg"=hex:6a,61,62,6a,67,6f,63,69,6b,6d,61,61,6b,6e,
6b,65,6f,66,70,69,00,f5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1848)
c:\users\Yijun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\nvshext.dll
.
Completion time: 2011-08-14 20:01:17
ComboFix-quarantined-files.txt 2011-08-14 12:01
ComboFix2.txt 2011-08-14 11:09
.
Pre-Run: 62,337,921,024 bytes free
Post-Run: 62,076,694,528 bytes free
.
- - End Of File - - AD32040ECF819F0FD4874235602CD29B



#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,917 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:17 PM

Posted 19 August 2011 - 10:53 AM

Looks like a router hijack. Please reset your router and let me know if that solves the problem. Typically you can do this by pressing the Reset button on your router with the router powered off for about ten seconds.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
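The tell behind that diagnosis is in the ComboFix log posted above: the `TCP: DhcpNameServer` line lists two public addresses (192.169.34.181 and 203.120.90.40) where a home router would normally hand out its own LAN address, and the Firefox `browser.search.defaulturl` points at search.conduit.com rather than a stock search engine. The Python script below is an added example, not code from this thread or from the ComboFix/OTL authors; it runs exactly those two checks over the log lines copied from the post. The set of known search hosts is an assumption to extend for your own environment, and "LAN address" is taken to mean what Python's `ipaddress` module classifies as private (RFC 1918, loopback, link-local).

```python
"""Triage a ComboFix log for the two tells of a DNS/search hijack.

Added example, not code from the BleepingComputer thread or from the
ComboFix/OTL authors. It pulls the DHCP-assigned DNS servers and the Firefox
default search URL out of the log text and flags anything that does not look
like a stock home-router setup.
"""
import ipaddress
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample: the relevant lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 192.169.34.181 203.120.90.40
FF - ProfilePath - c:\users\Yijun\AppData\Roaming\Mozilla\Firefox\Profiles\60s2ewqp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
"""

# Assumption: search hosts a stock Firefox install would legitimately use.
# Extend this set for your locale before trusting a "clean" verdict.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}


def dhcp_dns_servers(log: str) -> List[str]:
    """Return the resolver addresses ComboFix reports under TCP: DhcpNameServer."""
    m = re.search(r"^TCP: DhcpNameServer = (.+)$", log, re.MULTILINE)
    return m.group(1).split() if m else []


def is_lan_address(ip: str) -> bool:
    """True for RFC 1918 / loopback / link-local addresses, i.e. a LAN-side resolver."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def external_dns_servers(log: str) -> List[str]:
    """DHCP-handed resolvers that are NOT on the local network.

    A home router normally advertises itself (e.g. 192.168.1.1) as the DNS
    server. Public addresses here mean the router, or whoever answers DHCP on
    the LAN, points every client at an outside resolver that can rewrite
    answers, which is how a router-level redirect survives cleaning the PC.
    """
    return [ip for ip in dhcp_dns_servers(log) if not is_lan_address(ip)]


def firefox_default_search_url(log: str) -> Optional[str]:
    """Extract browser.search.defaulturl, undoing ComboFix's hxxp:// defanging."""
    m = re.search(r"browser\.search\.defaulturl - (\S+)", log)
    if not m:
        return None
    return re.sub(r"^hxxp", "http", m.group(1))


def unexpected_search_host(log: str) -> Optional[str]:
    """Host of the default search URL if it is not a known search engine."""
    url = firefox_default_search_url(log)
    if url is None:
        return None
    host = (urlparse(url).hostname or "").lower()
    return None if host in KNOWN_SEARCH_HOSTS else host


def triage(log: str) -> Dict[str, object]:
    """Both checks in one report; an empty list / None means nothing was flagged."""
    return {
        "external_dns": external_dns_servers(log),
        "search_host": unexpected_search_host(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample it reports both public resolvers and `search.conduit.com`; on a log from a healthy machine both fields come back empty. The script only classifies the addresses as written in the log and never contacts them, so it is safe to run on any pasted log.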


#9 tearsunderstars

tearsunderstars
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:17 AM

Posted 19 August 2011 - 12:23 PM

Dear Elise,

I've just reset the router. I'm still being redirected to search.imesh.com if I type any keywords in IE or the Firefox default home page. But as of just now my searches on Google are not being redirected. The Combofix log is that of several days ago. If I have to run Combofix again, please let me know. Thank you.

Edited by tearsunderstars, 19 August 2011 - 12:30 PM.


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,917 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:17 PM

Posted 19 August 2011 - 12:27 PM

Do you mean that Imesh search is set as your homepage in FF/IE?

regards, Elise




#11 tearsunderstars

tearsunderstars
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:17 AM

Posted 19 August 2011 - 12:35 PM

No, I didn't set imesh search as the homepage. For example, the default home page address for Firefox is about:home. There will be a space for me to type the keywords. When I type any keyword in it, it'll redirect me to search.imesh.com. The same thing occurs when I type any keyword in the address bar. It'll simply redirect to search.imesh.com. I find it peculiar as I already removed everything iMesh on this computer a loooooong time back (by normal uninstall, and using tools to clean up the registry, and deleting the folder in C:\Program Files). I can show you some screenshots if you need.

Edited by tearsunderstars, 19 August 2011 - 12:40 PM.


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,917 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:17 PM

Posted 19 August 2011 - 12:39 PM

No need, I understand what you mean: Imesh is the default search provider. Please run the following scan.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise




#13 tearsunderstars

tearsunderstars
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:17 AM

Posted 19 August 2011 - 12:58 PM

Dear Elise,

Here are the logs you have requested, thank you.

OTL.txt

OTL logfile created on: 20/8/2011 1:44:11 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Yijun\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 32.63% Memory free
6.19 Gb Paging File | 3.85 Gb Available in Paging File | 62.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.06 Gb Total Space | 60.98 Gb Free Space | 42.33% Space Free | Partition Type: NTFS
Drive D: | 140.48 Gb Total Space | 74.71 Gb Free Space | 53.18% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 794.39 Gb Free Space | 85.28% Space Free | Partition Type: NTFS

Computer Name: YIJUN | User Name: Yijun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/20 01:42:01 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Yijun\Desktop\OTL.exe
PRC - [2011/08/18 20:00:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/26 11:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2010/10/16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/04/26 11:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2009/12/09 21:25:16 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/09 02:35:37 | 003,294,720 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2008/07/09 02:35:33 | 003,471,360 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
PRC - [2008/04/18 02:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/22 04:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/19 02:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/01/21 10:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008/01/07 21:52:08 | 000,427,384 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2007/12/11 18:31:52 | 000,710,000 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2007/12/11 18:31:04 | 000,808,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2007/12/11 18:31:00 | 000,779,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2007/05/11 21:38:00 | 000,713,648 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE
PRC - [2007/01/12 23:51:30 | 000,508,848 | ---- | M] ( ) -- C:\Windows\System32\LMabcoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/19 18:46:37 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/18 23:31:49 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d3c13d5411e22001521d2254921a1f85\CustomMarshalers.ni.dll
MOD - [2011/08/18 22:33:31 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ca2bb66044518a2e0113e69e19d7d892\System.Windows.Forms.ni.dll
MOD - [2011/08/18 22:33:10 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8bb817a416e2e0a17715891348cf891f\System.Drawing.ni.dll
MOD - [2011/08/18 22:33:08 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b5e4b3b09f81a6f8b436bc15f9b16036\System.Web.ni.dll
MOD - [2011/08/18 22:32:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\bbc93fb36130f88012f47d7097476e49\System.Xml.ni.dll
MOD - [2011/08/18 22:32:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b719cb68a930393f26bfa0b5be2cd87c\System.Configuration.ni.dll
MOD - [2011/08/18 22:32:38 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\06d367f8b2a49f7cadf69c7e5cc0405a\Accessibility.ni.dll
MOD - [2011/08/18 22:09:59 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\75cd2c843ebb6c834415abe66c198f30\System.ni.dll
MOD - [2011/08/18 22:09:55 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2575a593f2929134e277a8007831b966\mscorlib.ni.dll
MOD - [2011/08/18 20:00:57 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/15 12:47:08 | 000,077,312 | ---- | M] () -- C:\Users\Yijun\AppData\Roaming\Mozilla\Firefox\Profiles\60s2ewqp.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCoreGecko6.dll
MOD - [2011/03/02 11:11:33 | 000,390,656 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\lame_enc.dll
MOD - [2011/03/02 11:11:22 | 000,370,688 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\libsndfile.dll
MOD - [2011/03/02 11:11:18 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detoured.dll
MOD - [2010/09/07 16:13:03 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/03/30 12:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\sqlite.dll
MOD - [2009/02/14 05:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2009/01/18 15:50:01 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeXMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/21 07:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/12/09 21:25:16 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/04/11 14:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/20 07:35:17 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/09 02:35:33 | 003,471,360 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008/03/22 04:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/19 02:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 10:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 10:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 10:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/07 21:45:52 | 000,575,064 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2007/12/11 18:31:04 | 000,808,304 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2007/12/11 18:31:00 | 000,779,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/01/12 23:51:30 | 000,508,848 | ---- | M] ( ) [On_Demand | Running] -- C:\Windows\System32\LMabcoms.exe -- (lmab_device)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/20 18:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter)
DRV - [2010/10/20 18:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 18:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/10/17 02:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/08 04:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/12/09 21:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/03/11 02:55:00 | 000,131,456 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/11/10 12:26:00 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/17 16:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/07/09 02:35:28 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/05/30 23:44:42 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/04/12 08:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/01 06:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/25 04:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/07 21:45:54 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/01/07 21:45:54 | 000,073,288 | ---- | M] (Trend Micro Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/01/26 14:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/03 12:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2744448555-1961322237-481579980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2744448555-1961322237-481579980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2744448555-1961322237-481579980-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2744448555-1961322237-481579980-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 20:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/07 20:25:53 | 000,000,000 | ---D | M]

[2011/06/07 01:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yijun\AppData\Roaming\Mozilla\Extensions
[2011/08/17 23:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yijun\AppData\Roaming\Mozilla\Firefox\Profiles\60s2ewqp.default\extensions
[2011/08/17 23:50:22 | 000,000,000 | ---D | M] (Messenger Plus Live Community Toolbar) -- C:\Users\Yijun\AppData\Roaming\Mozilla\Firefox\Profiles\60s2ewqp.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2011/06/06 02:57:00 | 000,002,497 | ---- | M] () -- C:\Users\Yijun\AppData\Roaming\Mozilla\Firefox\Profiles\60s2ewqp.default\searchplugins\SearchResults.xml
[2011/08/14 17:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/07 18:52:27 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{1fb05c5e-4c04-0fa7-35fc-ee3707444fb9}
[2010/05/04 13:52:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 19:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/09 10:32:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/04 21:37:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/04 12:51:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\YIJUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\60S2EWQP.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\YIJUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\60S2EWQP.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2009/06/25 22:16:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/18 20:01:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/07/04 10:33:04 | 000,024,576 | ---- | M] () -- C:\Program Files\mozilla firefox\components\CheckTudouVa.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2010/01/01 16:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 16:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 16:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/06 02:57:00 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010/01/01 16:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/14 19:02:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-2744448555-1961322237-481579980-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [New Value #1] File not found
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2744448555-1961322237-481579980-1001..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE (Lexmark International, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2744448555-1961322237-481579980-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2744448555-1961322237-481579980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.169.34.181 203.120.90.40
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Yijun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Yijun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/01 23:05:57 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 20:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2744448555-1961322237-481579980-1001\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2744448555-1961322237-481579980-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/20 01:41:56 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Yijun\Desktop\OTL.exe
[2011/08/19 18:46:32 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{DEA455EA-91EE-4E53-A297-9E65FA5EF3AF}
[2011/08/19 18:46:28 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{162422E1-F16C-4585-A98D-A2E8EB56B0EC}
[2011/08/18 22:06:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/18 22:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/18 22:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/18 20:00:47 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{E9849616-9560-4265-B2FC-3AFF4679B913}
[2011/08/18 19:58:09 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{309EDD72-0A2A-4572-AE5C-38254E6193E8}
[2011/08/18 19:49:27 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{0806A374-AEB0-44E6-9385-F243D3F099F4}
[2011/08/18 19:45:56 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{6CFB87E0-420B-4727-B6DD-6BADF2709D98}
[2011/08/17 23:43:31 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{D0EB108A-840A-4444-BCA8-ED3B22FD7DBA}
[2011/08/17 23:43:25 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{E1572658-0C1A-4669-A53D-7EDB3E90A2D9}
[2011/08/16 21:36:01 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{6ED97615-84B0-4E13-BC36-E7BF4F8BAC00}
[2011/08/16 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{D292EA14-E613-4218-A8A2-0C08A578CB1C}
[2011/08/16 21:35:45 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{F20ED470-0317-43ED-9A82-12CA463EE824}
[2011/08/16 09:35:20 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{BAC7740E-4BD2-489B-ACA1-39F86B2EBE7B}
[2011/08/16 09:35:14 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{33E74B2F-6021-4D4F-99E2-52ED952C4F28}
[2011/08/16 09:35:10 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{2676698D-AA61-4EB8-BE90-EA18F4B1439A}
[2011/08/15 22:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux
[2011/08/15 22:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5
[2011/08/15 18:34:52 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{DF8E4E12-BD96-420A-BDC5-DC9CEA8A67F8}
[2011/08/15 18:34:48 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{471D3368-E511-45AB-B32A-DC6E1AB1ABC6}
[2011/08/15 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{CB52EC2A-95F0-46F7-91C6-73957AD9B6AB}
[2011/08/15 00:18:16 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{99E98176-0296-4251-A7E3-AECF42BDCCA4}
[2011/08/15 00:18:13 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{9332ABC6-508F-476C-A0D2-38C6D205DDC5}
[2011/08/15 00:18:09 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{450F4FCB-08CC-4D51-BAE8-FE2CDE619233}
[2011/08/14 22:54:08 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Yijun\Desktop\dds.scr
[2011/08/14 20:25:42 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/08/14 20:01:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/14 20:00:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/14 18:24:41 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\temp
[2011/08/14 18:06:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/14 18:06:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/14 18:06:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/14 18:06:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/14 18:05:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/14 12:17:39 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{CF7201B0-6F39-4CC9-9C8A-81777BF66214}
[2011/08/14 12:17:36 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{FF5991C9-6BC1-4C39-BC4C-89AB7E0AA059}
[2011/08/14 12:17:33 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{0B30964C-6BC1-4530-952A-FBEDE4B680E6}
[2011/08/14 12:17:29 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{524BF19D-D454-4D80-A64B-E9237039DF5A}
[2011/08/14 00:16:56 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{94D6F31E-729B-4F3C-BE26-5E8899395F2C}
[2011/08/14 00:16:52 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{0C837FD3-B3FB-4E14-975B-71901994AD2E}
[2011/08/14 00:16:48 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{D0023B37-DCB6-4DB1-A4F1-9EEB3C2A50C9}
[2011/08/14 00:16:43 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{F30813E6-E54A-4D3F-B87B-403D4F1648A4}
[2011/08/13 15:43:52 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Roaming\Malwarebytes
[2011/08/13 15:43:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/13 15:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/13 15:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/13 15:43:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/13 15:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/13 12:16:33 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{52332B44-8C45-4121-AC1C-F575750433B4}
[2011/08/13 12:16:30 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{2FF15E11-8BDE-4AE6-92CA-F6ADD833289B}
[2011/08/13 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{C0BFADEC-3EF4-41E7-B278-8BA0F5DCF0A7}
[2011/08/13 12:16:17 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{FDC6969E-19F6-4F72-BC6D-D5BA50E1BBD9}
[2011/08/13 00:07:49 | 000,000,000 | R--D | C] -- C:\Users\Yijun\Dropbox
[2011/08/12 23:54:37 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/08/12 23:48:08 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{99F7C50F-2E45-494A-B6F7-8ADA50235E6F}
[2011/08/12 23:47:58 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{1AEAC52B-2190-4AF5-998F-0A91D690313A}
[2011/08/12 23:38:37 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{A4EF82FF-35EA-43E6-B278-1F9093D1E2F1}
[2011/08/12 23:38:16 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{5D8D8A7B-C4BD-4677-AED1-0883C18F8933}
[2011/08/12 03:11:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/12 03:11:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/12 03:11:04 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/12 03:11:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/12 03:11:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/11 23:27:07 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{ACE90E5F-4B15-4D78-BF21-42129F82327F}
[2011/08/11 23:27:04 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{F496A9CD-849A-4B5F-9E37-91848095EDA3}
[2011/08/11 23:27:00 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{2F6C992E-F2B4-4FCC-8978-AE095EACFB3C}
[2011/08/11 23:26:56 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{B94FA948-358E-42FB-9CE0-C3F05E7E8EE0}
[2011/08/11 23:26:52 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{A8D4A841-FB0D-4C32-85B3-68B0E1E260E4}
[2011/08/11 11:43:03 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/11 11:41:03 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/11 11:41:03 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/11 11:26:21 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{A6CAF4E2-97DB-4748-8D56-D1AF1B1ABE1C}
[2011/08/11 11:26:11 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{CC1DD09D-C405-430D-85AC-50797DA5D3F1}
[2011/08/11 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{FC5B9583-A08C-49AE-92D3-76592B15B433}
[2011/08/11 11:26:04 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{9D1A5935-E747-4C55-80BA-672871B1C3C6}
[2011/08/11 11:26:01 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{2B8996BE-3198-4272-94B0-74558E60E912}
[2011/08/11 11:25:55 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{2014BFF1-0D32-4FF1-B14C-0B228D30AF8E}
[2011/08/10 22:33:03 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{B7F13025-73A1-4277-8C6F-441A3745B651}
[2011/08/10 22:32:59 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{0F614298-C67B-4536-A95F-7CE75759B825}
[2011/08/10 22:32:55 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{E21C7DAB-B830-4C8D-B679-A42794F96B7D}
[2011/08/10 22:32:51 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{85ADBC83-A1CB-4F9C-B118-1F8CC090CBE3}
[2011/08/10 22:32:44 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{3231B3F0-04F4-4F0F-BCE6-B4AF1CAC8D13}
[2011/08/10 22:32:40 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{D5A95D9A-381E-4A9F-9EF1-A4AC6E8B3ED1}
[2011/08/10 10:13:02 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{E1CE8E9C-7DA9-4C21-A06F-A1A0FC0F01ED}
[2011/08/10 10:12:58 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{ACF36C2C-49C8-40A0-BA4E-E1CCCDBAD5DC}
[2011/08/10 10:12:55 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{FCAB0952-7B3B-4D11-AA51-02CA77389BDC}
[2011/08/10 10:12:51 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{7EB12446-9B2E-4001-8FFC-F2C0536D26CB}
[2011/08/10 10:12:46 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{31013F7B-1A58-4C82-99A8-85B0F30272D8}
[2011/08/10 10:12:37 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{137E1918-76E0-4CDD-8983-4E946E7AE0F8}
[2011/08/09 16:40:52 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{3F2F6072-03E0-4435-8AC1-CF475867D25C}
[2011/08/09 16:40:49 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{A81DB035-A3AA-494C-B201-542FEB34D17B}
[2011/08/09 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{92B9FFF7-8F68-4A8A-80E1-2A86565BE149}
[2011/08/09 16:40:44 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{0806D310-A3B2-4AE2-95DB-2AA234E42AFA}
[2011/08/09 04:40:37 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{31371388-9DB7-4B23-A5E6-A4BD894852FD}
[2011/08/09 04:40:33 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{F37AFE3C-30E6-4424-93C5-D587B165A2BF}
[2011/08/09 04:40:30 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{486C401C-B114-48E1-8054-C6F4A28C2738}
[2011/08/08 16:40:24 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{006B3659-0760-4ACC-B9AA-692152432226}
[2011/08/08 16:40:19 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{AC9656BD-90FB-41E1-B662-40E299D3CD8A}
[2011/08/08 04:40:08 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{F9663782-9B16-4886-B27E-453A603EEBC8}
[2011/08/08 04:40:03 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{16F183E2-54BD-4696-9985-14B56C8B20D7}
[2011/08/07 20:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/07 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{E72764A7-C844-441F-91C3-F43BBEF20D7B}
[2011/08/07 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{93289E09-24FD-4F34-8A4D-79F4C76510DC}
[2011/08/07 04:38:18 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Roaming\Rovio
[2011/08/07 04:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2011/08/07 04:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Rovio
[2011/08/07 00:22:04 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{F2D053FF-B264-4CDE-B316-C7CE6F77281E}
[2011/08/07 00:21:55 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{3F3341F9-D919-4D65-947B-06E4C1363B03}
[2011/08/06 12:21:46 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{6442F503-247A-437D-B517-A740CC824B06}
[2011/08/06 12:21:43 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{223244C0-12B8-4583-9B4E-E051AB6F1FCA}
[2011/08/06 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{5A8C433A-2BA7-43A3-A7D8-E85A95ED8EC2}
[2011/08/06 12:21:37 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{95235896-E383-4E4E-829B-F15648FA6F5B}
[2011/08/06 00:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseScore
[2011/08/06 00:21:29 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{CE2AB31B-0944-4D7F-A91C-4AA53272C10C}
[2011/08/06 00:21:26 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{B2094896-A6F3-4BC2-85A4-207B007A8111}
[2011/08/06 00:21:23 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{648D0A7F-D841-483E-8662-04267510A233}
[2011/08/06 00:21:18 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{55C97CDF-2124-4BE8-9B9D-D6432823C41E}
[2011/08/05 12:20:55 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{2065B93A-767D-4B7D-81C5-A7DA3B7813E9}
[2011/08/05 12:20:52 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{F523C453-1154-4908-9F34-DC2A7A243F1F}
[2011/08/05 12:20:49 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{E25B0714-07F5-4DC2-BA0B-F1CC9E69DDBA}
[2011/08/05 12:20:46 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{B9AF0240-CD2A-4C15-92D2-1FCA0A4758DA}
[2011/08/05 00:20:36 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{23F89E2B-FEA0-4D59-921D-3EF2C3AC31BB}
[2011/08/05 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{4D2783D7-06F2-4117-AA6C-67AC5BEF98D8}
[2011/08/05 00:20:20 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{D5B5CF58-28FB-4734-A474-A9672C51ADF8}
[2011/08/04 12:51:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/04 12:51:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/04 12:51:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/04 12:20:02 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{4B2BA5B5-D056-46B5-B564-C3029B9F3765}
[2011/08/04 12:19:58 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{08D76D3E-14C8-45F7-A71A-C24D673B73B9}
[2011/08/04 00:19:43 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{D22E7B46-7D10-4951-B82E-B38D57093D13}
[2011/08/04 00:19:39 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{31D68A27-2347-463C-8987-327FD3192BBF}
[2011/08/04 00:19:31 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{1AB47632-3E54-489D-AFE8-A82EBBF90AB4}
[2011/08/04 00:19:26 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{BB45EA57-E0B6-468D-A2D5-A69661F0ED28}
[2011/08/03 12:19:19 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{24842044-D925-4658-ABED-B9F2587BC4F4}
[2011/08/03 12:19:16 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{A590D310-5E01-4F2E-B0AA-3A91AEA80128}
[2011/08/03 12:19:12 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{6A8CDE07-3F78-47A4-A481-0526FB19EDD3}
[2011/08/03 12:19:09 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{B9F319C2-96AB-49BC-8B6A-E6F0DB8C5234}
[2011/08/03 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{CDE933E8-6AD6-4209-B7A1-56947DBAAC51}
[2011/08/03 12:14:28 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/03 11:08:17 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{2A072681-073A-4385-AF65-90AB2C15B379}
[2011/08/03 11:07:48 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{74A7AC1A-E740-4AF6-83F7-AC78CBD43AD6}
[2011/08/02 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{560759C1-22A2-4401-9DCA-7A499C574C57}
[2011/08/02 03:10:59 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{46298052-8A74-4350-AA38-BBC34B0C2F43}
[2011/08/01 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/08/01 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Roaming\uTorrent
[2011/08/01 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\uTorrent
[2011/08/01 15:10:54 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{D426D3D3-7BE9-4AF4-8F2D-7DBFEFD7560A}
[2011/08/01 02:02:49 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{D4031DA7-79D8-49A1-8F57-B39F14D73AA6}
[2011/07/31 14:02:33 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{73247AF1-9AAE-4183-B076-BAABBCCC56A7}
[2011/07/31 01:40:54 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{2E13C9AB-99B6-48CD-8A34-EF4FFD0E0844}
[2011/07/31 01:40:51 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{498A7216-0203-4843-96D8-604676F2A3BE}
[2011/07/30 13:40:48 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{3C61FFC8-9E5F-4DA6-9A48-68E0784E9816}
[2011/07/30 01:40:44 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{19328387-AD7C-4C5C-B3C0-9BDE484DBCF4}
[2011/07/29 13:40:40 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{1BE96BAE-17A3-4D61-81BC-87F93E46C872}
[2011/07/29 01:40:34 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{74C4A04B-6ECC-4005-82E4-82505BADEC66}
[2011/07/28 13:40:16 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{FE422C31-9DE2-4076-AD31-4F38ED125CD6}
[2011/07/28 01:40:12 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{022657D9-3481-46EB-8E83-56F4722DA17B}
[2011/07/27 13:40:09 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{071AC8FF-1AA9-40BE-A33E-A844DC376574}
[2011/07/27 01:39:59 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{7954422E-F946-4F07-A0CD-1F5D324BFA58}
[2011/07/27 01:39:56 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{FFC0DE61-1EC2-4BD6-A595-0F86E3FB70A4}
[2011/07/26 13:39:45 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{BF04394F-1079-4D6E-8A19-803A8761CB8C}
[2011/07/26 13:39:41 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{414E2E35-F4A5-47BA-95CC-BB51B5281367}
[2011/07/25 14:46:51 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{6927C032-2E59-464B-B003-328C2B379605}
[2011/07/25 14:46:49 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{6E7745B1-C740-4AF6-BB5E-CF9780AA681F}
[2011/07/25 02:46:40 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{6B0C458F-C95F-467E-8695-A4CEB943A1F3}
[2011/07/25 02:46:37 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{E06B308E-BBB6-4248-9092-87CDFCB8414B}
[2011/07/24 19:40:34 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamb 2.1.0.0 beta 2
[2011/07/24 19:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Yamb
[2011/07/24 18:48:44 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\www.dvbportal.de
[2011/07/24 15:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/24 15:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/24 14:46:26 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{4E731A5D-ADAA-4C28-840D-D8AAA8E89771}
[2011/07/24 14:46:24 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{1347042D-804B-4D56-9778-6A28169929D7}
[2011/07/24 02:46:13 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{32580961-72D7-446F-A073-34436628522B}
[2011/07/24 02:46:09 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{99E22A85-C939-4A2E-87B8-5B2D26F3FC2A}
[2011/07/23 15:06:35 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/07/23 15:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/07/23 14:45:50 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{78D91BAB-8E9A-4F79-A72D-09EFAFDEA0DE}
[2011/07/23 02:44:09 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{B9230AC0-3378-4EC7-9BE4-06E28FC85553}
[2011/07/23 02:43:11 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{EF6C3B52-4514-4399-B26B-753B5EB51F0E}
[2011/07/22 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{DB3D7CF5-2821-4C9E-B8ED-12C5283A848A}
[2011/07/22 14:42:06 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{28EAA177-65F0-445F-96C4-AEDA794EABAA}
[2011/07/22 02:01:35 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{30BB1E52-5872-45D7-A9C1-42BB4BE58508}
[2011/07/21 14:01:26 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{B436938F-0EE1-475F-8CBD-04556B3C16D6}
[2011/07/21 02:01:17 | 000,000,000 | ---D | C] -- C:\Users\Yijun\AppData\Local\{68C9B582-8709-4112-954F-B029C4412FE4}
[2009/02/06 00:42:36 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2009/02/06 00:40:26 | 000,675,840 | ---- | C] ( ) -- C:\Windows\System32\LMabpmui.dll
[2009/02/06 00:40:25 | 000,987,136 | ---- | C] ( ) -- C:\Windows\System32\LMabusb1.dll
[2009/02/06 00:40:24 | 001,204,224 | ---- | C] ( ) -- C:\Windows\System32\LMabserv.dll
[2009/02/06 00:40:24 | 000,336,816 | ---- | C] ( ) -- C:\Windows\System32\LMabppls.exe
[2009/02/06 00:40:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\LMabprox.dll
[2009/02/06 00:40:23 | 000,561,152 | ---- | C] ( ) -- C:\Windows\System32\LMablmpm.dll
[2009/02/06 00:40:23 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\LMabpar1.dll
[2009/02/06 00:40:23 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\LMabpplc.dll
[2009/02/06 00:40:22 | 001,056,768 | ---- | C] ( ) -- C:\Windows\System32\LMabip1.dll
[2009/02/06 00:40:22 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\LMabiobj.dll
[2009/02/06 00:40:22 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\LMabinpa.dll
[2009/02/06 00:40:21 | 000,508,848 | ---- | C] ( ) -- C:\Windows\System32\LMabcoms.exe
[2009/02/06 00:40:21 | 000,507,904 | ---- | C] ( ) -- C:\Windows\System32\LMabhcp.dll
[2009/02/06 00:40:21 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\LMabcomm.dll
[2009/02/06 00:40:20 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\LMabcomc.dll

========== Files - Modified Within 30 Days ==========

[2011/08/20 01:42:01 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Yijun\Desktop\OTL.exe
[2011/08/20 00:43:38 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 00:43:38 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 18:46:38 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/19 18:44:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/08/19 18:43:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/19 01:27:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/19 00:06:04 | 000,086,016 | ---- | M] () -- C:\Users\Yijun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/18 22:38:55 | 000,675,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/18 22:38:55 | 000,130,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/18 22:14:26 | 000,370,330 | ---- | M] () -- C:\Users\Yijun\Documents\cc_20110818_221328.reg
[2011/08/18 22:03:32 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/15 22:33:04 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.5 (32-bit).lnk
[2011/08/14 21:07:58 | 000,000,253 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/08/14 19:02:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/14 17:41:19 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/13 15:43:45 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/13 00:07:49 | 000,000,984 | ---- | M] () -- C:\Users\Yijun\Desktop\Dropbox.lnk
[2011/08/07 23:13:06 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2011/08/07 18:02:19 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2011/08/01 17:31:13 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/07/25 20:29:55 | 000,001,884 | ---- | M] () -- C:\Users\Yijun\Desktop\Plus World.lnk
[2011/07/24 19:40:34 | 000,000,724 | ---- | M] () -- C:\Users\Yijun\Desktop\Yamb.lnk
[2011/07/24 15:49:17 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/23 11:00:07 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Yijun\Desktop\dds.scr
[2011/07/22 10:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/22 10:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/22 10:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/22 10:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/22 10:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

========== Files Created - No Company Name ==========

[2011/08/18 22:13:35 | 000,370,330 | ---- | C] () -- C:\Users\Yijun\Documents\cc_20110818_221328.reg
[2011/08/18 22:03:32 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/15 22:33:04 | 000,000,805 | ---- | C] () -- C:\Users\Public\Desktop\Avidemux 2.5 (32-bit).lnk
[2011/08/14 21:07:01 | 000,000,253 | ---- | C] () -- C:\WirelessDiagLog.csv
[2011/08/14 18:06:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/14 18:06:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/14 18:06:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/14 18:06:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/14 18:06:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/14 17:41:19 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/14 17:41:19 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/13 15:43:45 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/13 00:07:49 | 000,000,984 | ---- | C] () -- C:\Users\Yijun\Desktop\Dropbox.lnk
[2011/08/07 23:13:06 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2011/08/07 18:02:19 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2011/08/01 17:31:13 | 000,000,718 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/07/25 20:29:55 | 000,001,884 | ---- | C] () -- C:\Users\Yijun\Desktop\Plus World.lnk
[2011/07/24 19:40:34 | 000,000,724 | ---- | C] () -- C:\Users\Yijun\Desktop\Yamb.lnk
[2011/07/24 15:49:17 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/30 12:13:34 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/06/27 13:06:44 | 000,000,161 | ---- | C] () -- C:\Windows\System32\METAbolt_applet.ini
[2011/06/06 06:40:58 | 000,357,876 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/04/04 00:20:42 | 000,304,640 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/04 00:20:42 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/15 21:04:18 | 000,000,244 | ---- | C] () -- C:\Windows\BRGHTSTR.INI
[2009/10/21 01:03:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 01:03:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/21 01:02:10 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/08/06 18:32:14 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/08/06 18:32:14 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009/08/06 18:32:14 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009/08/06 18:32:14 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/08/06 18:32:14 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/26 02:50:47 | 000,000,087 | ---- | C] () -- C:\Windows\ae_mini.INI
[2009/06/22 22:19:53 | 000,000,232 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/02/06 00:41:44 | 000,466,944 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2009/02/06 00:41:43 | 000,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2008/12/03 00:00:43 | 000,000,088 | ---- | C] () -- C:\Windows\ImgTool.INI
[2008/10/17 18:37:39 | 000,000,600 | ---- | C] () -- C:\Users\Yijun\AppData\Local\PUTTY.RND
[2008/10/15 10:24:42 | 000,001,171 | ---- | C] () -- C:\Users\Yijun\AppData\Roaming\DVDSubEdit.ini
[2008/10/14 17:43:45 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2008/10/07 19:46:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/09/09 17:24:36 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/07 12:19:24 | 000,001,356 | ---- | C] () -- C:\Users\Yijun\AppData\Local\d3d9caps.dat
[2008/09/07 10:51:26 | 000,000,120 | ---- | C] () -- C:\Users\Yijun\AppData\Roaming\FixVTS.ini
[2008/09/06 09:38:52 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2008/09/06 09:31:26 | 000,122,880 | ---- | C] () -- C:\Windows\System32\trc.dll
[2008/09/06 09:31:17 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
[2008/09/04 20:33:23 | 000,000,160 | ---- | C] () -- C:\Windows\Muxman.ini
[2008/08/23 18:58:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/23 14:40:38 | 000,086,016 | ---- | C] () -- C:\Users\Yijun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/22 14:26:42 | 000,000,512 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2008/08/22 14:20:31 | 000,000,133 | ---- | C] () -- C:\Windows\VobEdit.INI
[2008/08/20 09:48:05 | 000,000,874 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/08/20 09:48:05 | 000,000,161 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/08/20 09:48:05 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF04A.dat
[2008/08/20 09:41:00 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/08/20 08:23:58 | 000,000,505 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/20 08:23:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/08/20 08:23:57 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2008/08/20 06:42:58 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/07/22 10:12:28 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/07/11 11:12:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/09 02:35:50 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008/07/08 09:26:15 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/07/08 09:26:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/07/08 09:26:15 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2008/07/08 09:26:15 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/05/22 22:25:25 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2008/05/22 22:24:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/22 22:21:57 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/22 22:21:57 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/22 22:02:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/05/22 21:59:05 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/22 21:54:30 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/05/22 21:54:30 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/05/22 21:54:30 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2007/01/26 14:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006/11/02 20:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:43 | 003,832,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 18:33:01 | 000,675,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,130,300 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/18 21:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2002/10/16 06:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/12/27 07:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/15 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 14:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 07:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 13:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Files - Unicode (All) ==========
[2009/10/12 20:06:39 | 000,052,260 | ---- | M] ()(C:\Users\Yijun\Documents\??2.gif) -- C:\Users\Yijun\Documents\远情2.gif
[2009/10/12 20:06:38 | 000,052,260 | ---- | C] ()(C:\Users\Yijun\Documents\??2.gif) -- C:\Users\Yijun\Documents\远情2.gif
[2009/10/12 20:06:24 | 000,049,056 | ---- | M] ()(C:\Users\Yijun\Documents\??1.gif) -- C:\Users\Yijun\Documents\远情1.gif
[2009/10/12 20:06:23 | 000,049,056 | ---- | C] ()(C:\Users\Yijun\Documents\??1.gif) -- C:\Users\Yijun\Documents\远情1.gif

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >


Extras.txt

OTL Extras logfile created on: 20/8/2011 1:44:11 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Yijun\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 32.63% Memory free
6.19 Gb Paging File | 3.85 Gb Available in Paging File | 62.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.06 Gb Total Space | 60.98 Gb Free Space | 42.33% Space Free | Partition Type: NTFS
Drive D: | 140.48 Gb Total Space | 74.71 Gb Free Space | 53.18% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 794.39 Gb Free Space | 85.28% Space Free | Partition Type: NTFS

Computer Name: YIJUN | User Name: Yijun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2744448555-1961322237-481579980-1001\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [abcAVI Tag Editor] -- "C:\Program Files\abcAVI\avi_tags.exe" "%1" (Alexander A. Sorkin)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2744448555-1961322237-481579980-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2744448555-1961322237-481579980-500]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03095143-5F11-4C30-8371-143F7CB56A23}" = lport=138 | protocol=17 | dir=in | app=system |
"{061C2979-C8FB-4C40-A3C2-0CE79C42736C}" = rport=139 | protocol=6 | dir=out | app=system |
"{0748FD36-D16D-4F37-A328-BFE6686462A7}" = lport=10600 | protocol=6 | dir=in | name=trend micro officescan listener |
"{0C120856-B7E2-4612-8B32-31319E6348E9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{20CA1891-1139-40EB-8E8D-0A900BB1E6F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E0A972F-4161-429F-964B-ABC284375E00}" = lport=2869 | protocol=6 | dir=in | app=system |
"{32AD1377-0D4D-4DD5-913D-04EC5A483849}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{445BD3B9-5474-4BF6-B98B-0B8BD18B2FE0}" = rport=137 | protocol=17 | dir=out | app=system |
"{45A591EA-59A9-47BE-B3D4-6A63667ED89B}" = lport=20 | protocol=6 | dir=in | name=ftp server |
"{5B0FF6C2-33D0-423B-8469-91D3665FB398}" = lport=5121 | protocol=6 | dir=in | name=eathena map |
"{5DECFF67-C6D2-4BA3-BAF6-CF461F85437F}" = lport=57636 | protocol=6 | dir=in | name=μtorrent tcp |
"{5EE66B8C-6FBE-4D14-A3AF-36BFDCE5D124}" = rport=445 | protocol=6 | dir=out | app=system |
"{640D52A4-ED4E-44C7-ACAA-683EED78060D}" = lport=6900 | protocol=6 | dir=in | name=eathena login |
"{6D0BE44A-A8F0-4613-894D-A33489B2C30E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6D89280B-7E7A-45DE-9A0A-59C98F500779}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6EBD5C8A-CFD3-4118-9ED4-A0999FD55AFE}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{87108BF3-F218-453A-BCA4-0B20B9C8D5B4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{91FC2A72-6F41-4067-9DC9-4370B2379614}" = lport=6121 | protocol=6 | dir=in | name=eathena char |
"{94E49A2F-0B92-4248-B34B-F9A4BCE1D116}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9E35EB43-AAD3-4BCC-92EE-B953AFF8C72C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A6D98D25-280F-45CC-9E33-AFA7E300FFC5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A789F36D-4202-44A8-9996-E4896D9FB3E4}" = lport=445 | protocol=6 | dir=in | app=system |
"{A80C4A06-90C3-4D23-A219-0DE2917E0CC4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B3071166-B27F-4CBC-90F8-0C679065EBA0}" = lport=57636 | protocol=17 | dir=in | name=μtorrent udp |
"{B822A802-FF69-4B73-AF3E-E6CEDD6D1B72}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{BB66399E-34A0-4A54-BDD5-06B6CF3C7D96}" = lport=139 | protocol=6 | dir=in | app=system |
"{BD768FC7-77C8-4233-AEBC-CE5BDEAC8F7F}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{C4103B43-B72B-48F8-9591-428EEFF1A6B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CA792AB0-829C-449C-BBA0-7DC29B041087}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D53FF515-0975-46B5-8018-2C2C1164D4F5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E3A36026-2A8D-41A5-A269-90CC0269F356}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E40D7315-B18F-4053-8A8A-7089B0B9923C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E5A88629-17DD-4658-A7DE-902300F55BF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBDE5361-82D3-47F4-8458-8640F40F46C7}" = lport=137 | protocol=17 | dir=in | app=system |
"{F308E8A1-901D-420E-8615-45A085026751}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F696670F-B98A-4EA9-A6F5-1232B8997E0E}" = rport=138 | protocol=17 | dir=out | app=system |
"{F8354309-C1F1-4B36-9427-2B5464657AB3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FC5B4062-E2BD-44FA-8947-041AB892B06D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016D1EE8-EC51-490E-B0DC-25EDB0036B9B}" = protocol=17 | dir=in | app=c:\users\yijun\appdata\roaming\dropbox\bin\dropbox.exe |
"{023A378B-FB1C-4FA7-8701-94E268BE3E84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{07011437-848A-4683-9C3B-B092FBD8C28F}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{11EA3695-DA8A-47D6-8F30-DBF00383C25E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{24BE31CD-7C8C-4FB6-A8B4-6D4FDE870F67}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{348465D1-7965-42EF-820C-B25FC3DB1B4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A0A4F9F-8A8E-4B6A-8D6C-3AD009867C5B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{47052A91-D709-4DCC-804E-C6F4473B13E5}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{4956B372-8649-43CC-B9CD-973CF514A2D9}" = protocol=6 | dir=in | app=c:\users\yijun\appdata\roaming\dropbox\bin\dropbox.exe |
"{5506AC2F-02FC-4256-9903-E75D6626D4E9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5B7E2E8D-FCCA-476F-AF6C-35E97796B910}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{637F7C49-E1A2-4BC0-A422-557CAE6BF2AB}" = protocol=6 | dir=in | app=c:\program files\metabolt\metabolt.exe |
"{72C4B79B-9E4A-4376-967B-E14D71333979}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79BAE652-50AD-43D5-84C3-867F9B8C2BCD}" = protocol=17 | dir=in | app=c:\program files\metabolt\metabolt auto updater.exe |
"{8002B47C-97D1-4AEC-A49D-FC332F39B49E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{9E5CAA69-76A7-4E59-92F3-8870D3B0F707}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{A0DBB0B2-D848-40D6-84AB-B0AD83C1B3FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A115298E-A2E8-4F37-B0B5-99F6A073184D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A11FFA8B-BC0C-4BCA-BFF9-D9F1AB8EFACF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A716957F-AE4C-4C43-A00F-5372A0019787}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B3A520A6-0344-416E-9147-B6EACBEBFFC0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BEB9C39E-CD18-446F-8B47-7D24BEE7965A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C264952D-7B0C-40D0-A87C-DC032174D789}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C82BF673-813B-4D83-9E8F-2AA79854AB3A}" = protocol=17 | dir=in | app=c:\windows\system32\lmabcoms.exe |
"{C86AFC29-14E1-4241-A692-C6F14AB9318F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C8BE490E-95D8-4AC1-9358-D0CA5F5CA1C7}" = protocol=17 | dir=in | app=c:\program files\metabolt\metabolt.exe |
"{D3E6E153-8BC2-44D3-92F4-FDEAF6E02306}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D57F2DC7-F294-4E5F-8AAB-D925412C2975}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E8D90818-C087-4157-B485-213A8895A598}" = protocol=6 | dir=in | app=c:\windows\system32\lmabcoms.exe |
"{EC9414C6-6704-4CFF-B5D8-95E7C177DDFF}" = protocol=6 | dir=in | app=c:\program files\metabolt\metabolt auto updater.exe |
"TCP Query User{3E925F1F-F24A-4FBD-8DD2-0390DD9A4DAE}C:\sysreset\mirc.exe" = protocol=6 | dir=in | app=c:\sysreset\mirc.exe |
"TCP Query User{64485C2A-3252-40F1-B192-9EB7CC9CD304}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe |
"TCP Query User{7F9AA9CE-3F18-4113-8C77-FDE55435C0AF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{901AC725-CB61-411C-A985-C4499C05C693}C:\sysreset\mirc.exe" = protocol=6 | dir=in | app=c:\sysreset\mirc.exe |
"TCP Query User{C55A8367-D94D-41C0-801B-E4A7058FAD0B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C7057DB1-4CE3-4450-90D7-46AC22F6FF70}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{C7C00CCD-FA0B-4548-A040-369893517653}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{EC4ADC7D-515B-46BA-8DE9-D5DA5CAF174E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{FF81C172-AB96-4A9C-AEA4-98AB2F969597}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{28A9B41F-6EC6-483E-99CF-7AEA872FAA91}C:\sysreset\mirc.exe" = protocol=17 | dir=in | app=c:\sysreset\mirc.exe |
"UDP Query User{2C245FE3-69B7-4033-B8D6-77F05DA7C0B1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{30F2F258-E016-443D-A1AF-5883DE1D565C}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe |
"UDP Query User{460EBE36-C611-428B-B9B3-FA49756E9A22}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{641F2969-6A88-440E-8D50-B19B1140A0CD}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{648DCDC3-6D20-4B17-90ED-ED547D0061D8}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{A5DB2895-26E6-4F08-91B2-416B4A7891F7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A84B67FB-3AAD-4430-8B0A-7E463C6C02AD}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{B332B78B-B4FD-45D6-9A05-FA7F1313B456}C:\sysreset\mirc.exe" = protocol=17 | dir=in | app=c:\sysreset\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}" = Angry Birds Rio
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52307374-EA35-4003-B7E4-8F1FB422749F}" = 微软拼音输入法2007
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.5.1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B30E8CF8-0BC8-4327-9F05-BE32645240CA}" = METAbolt
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A6E040-D10D-4261-BAAB-D8E8B6248AD1}" = Acer Crystal Eye Webcam 3.0.5.1
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"109AAA0C37D6219EA776C7E771DE5C246A0A0846" = Windows Driver Package - ENE (enecir) HIDClass (01/23/2008 2.4.0.0)
"7-Zip" = 7-Zip 4.65
"abcavi_tag_editor_is1" = abcAVI
"Acer Acer Bio Protection 6.0.00.12" = Acer Bio Protection

AAA 6.0.00.12
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Alarm_is1" = Alarm 2.0.4
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"FileZilla Client" = FileZilla Client 3.5.0
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Juniper Network Connect 6.0.0" = Juniper Networks Network Connect 6.0.0
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"JuniperSetupClient Activex Control" = Juniper Networks Setup Client Activex Control
"Lexmark_HostCD" = Lexmark Software Uninstall
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mega Bomberman_is1" = Mega Bomberman
"Megota Software SFPack Uninstall" = SFPack
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 4.4.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 6.0 (x86 en-GB)" = Mozilla Firefox 6.0 (x86 en-GB)
"MuseScore" = MuseScore 1.1 MuseScore score typesetter
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"No-IP.com DUC" = No-IP.com DUC (remove only)
"PC Wizard 2008_is1" = PC Wizard 2008.1.84
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.89
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SF2 Splitter 1.1_is1" = SF2 Splitter 1.1
"sfArk" = sfArk
"STANDARDR" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"Viena_is1" = Viena
"VLC media player" = VLC media player 1.1.7
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2744448555-1961322237-481579980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d5330cf64599cc4e" = METAbolt
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,917 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:17 PM

Posted 19 August 2011 - 01:56 PM

Please uninstall Messenger Plus! including all its components using Add/Remove Programs. This is supposed to also uninstall all browser-related additions.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#15 tearsunderstars

tearsunderstars
  • Topic Starter

  • Members
  • 13 posts
  • Local time:04:17 AM

Posted 20 August 2011 - 09:29 AM

Dear Elise, I'm so sorry for the late reply.

I've uninstalled Messenger Plus via Add/Remove Programs and restarted the computer. I have also used CCleaner. However, the search.imesh.com redirect still remains.



