System32\service.exe infected | Help please!!


Trumi
Member with 10 posts.
THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
18-Jul-2012, 08:16 AM #1
I've seen this around the forums as a common problem, but I wanted to do this one on one so I don't mess up my computer more than I already have. > .< Especially since I should "NOT RUN ComboFix unless requested to."

As the title states, my system32\service.exe file is infected. [image here] The problem started sometime around yesterday. I also do not know how to, er, generate a log.

I also have another problem. I'm not sure what to call it, but it's a problem with "doubleclick(.net/.com)". Hopefully I can solve this problem along with my first, my first being the most important.

Many thanks,
Trums
jeffce (Jeff), authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
Join Date: May 2011
18-Jul-2012, 01:30 PM #2
Hi and welcome,
  • Download OTL to your desktop.
  • Right-click the icon and select Run as Administrator to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
----------

Please download aswMBR to your desktop.
  • Right-click the aswMBR icon and select Run as Administrator to run it.
  • Click the Scan button to start the scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


----------
Trumi
Member with 10 posts.
THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
18-Jul-2012, 10:36 PM #3
Thank you very much for your reply and I apologize for my late one. Here are the logs you requested.
~Trums

Quote:
OTL logfile created on: 7/18/2012 7:52:56 PM - Run 5
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ming-Ti\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.37% Memory free
8.87 Gb Paging File | 6.92 Gb Available in Paging File | 78.05% Paging File free
Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 77.18 Gb Free Space | 16.57% Space Free | Partition Type: NTFS
Drive D: | 4.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STEVENPC | User Name: Ming-Ti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ming-Ti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Tencent\barupdate\TBUpdate.exe (Tencent)
PRC - C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe (Tencent)
PRC - C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\ProgramData\UpdaterService\wsupdsvc.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe (Brand Affinity Technologies)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe ()
PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
PRC - C:\Users\Ming-Ti\Downloads\MSPANotify-0.4.1\MSPANotify.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Tencent\QQIntl\Bin\libjpegturbo.dll ()
MOD - C:\Program Files (x86)\Tencent\QQIntl\Bin\libpng.dll ()
MOD - C:\Program Files (x86)\Tencent\QQIntl\Bin\libexpatw.dll ()
MOD - C:\Program Files (x86)\Tencent\QQIntl\Bin\zlib.dll ()
MOD - C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3eaec5bc57c67c3b24ca2bb281ca249d\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MOD - C:\Users\Ming-Ti\Downloads\MSPANotify-0.4.1\MSPANotify.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TBUpdate) -- C:\Program Files\Tencent\barupdate\TBUpdate.exe (Tencent)
SRV:64bit: - (WajamUpdater) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (UpdaterService) -- C:\ProgramData\UpdaterService\wsupdsvc.exe ()
SRV - (xsherlock) -- C:\Windows\SysWOW64\xsherlock.xem (Wellbia.com Co., Ltd.)
SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FTSvc) -- C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe (Brand Affinity Technologies)
SRV - (Updater Service for StartNow Toolbar) -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe (McAfee, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (usj) -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys ()
DRV - (qkm) -- C:\Koramgame\GDOnline\mqkwy64.sys ()
DRV - (sj) -- C:\AeriaGames\EdenEternal\sjcs64.sys ()
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.my-tools-app.com/?babs...as=0&isid=9852
IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLchr999&ptnrS=ZLchr999&ptb=2kGQF2NKB7jm4c6Vscn4jg&ind=2011120301&n=77df42ad&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3007394
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT3007394
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - SOFTWARE\Classes\CLSID\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}
IE - HKCU\..\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}: "URL" = http://www.soso.com/q?sc=web&cid=th.ub&w={searchTerms}&cin=xoGC!ZkQPy8httUUT0EDV6430gc60g00&lr=&ie={inputEncoding}&unc=o400493
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D1E1E66B-09C0-42E2-9FAC-CAB67704104F}&mid=4d27b50357d247d68b6f1a671b6c1e32-ec7a1d4c2e9b3a9a0ad0219ec7c4e08c4f2893c9&lang=en&ds=yu012&pr=sa&d=2012-07-02 11:52:04&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com/?cid={D1E1E66B-09C0-42E2-9FAC-CAB67704104F}&mid=4d27b50357d247d68b6f1a671b6c1e32-ec7a1d4c2e9b3a9a0ad0219ec7c4e08c4f2893c9&lang=en&ds=yu012&pr=sa&d=2012-07-02 11:52:04&v=11.1.0.12&sap=hp"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\4game.com/plugin: C:\Program Files (x86)\4game\4game\npplugin4game.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kunlun.com/Launcher: C:\Koramgame\GDOnline\npLauncher.dll (Kalends)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQlive: C:\Program Files (x86)\Tencent\QQLive\LiveOcx\npQQLive.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.41\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ming-Ti\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ming-Ti\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/04/08 03:51:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/18 05:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/06 09:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/18 03:46:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/18 05:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/23 09:24:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/09 16:57:36 | 000,000,000 | ---D | M]

[2012/07/03 12:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ming-Ti\AppData\Roaming\mozilla\Extensions
[2012/07/18 03:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ming-Ti\AppData\Roaming\mozilla\Firefox\Profiles\4fiohuq8.default\extensions
[2012/07/18 03:46:35 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Ming-Ti\AppData\Roaming\mozilla\Firefox\Profiles\4fiohuq8.default\extensions\OneClickDownload@OneClickDownload.com
[2012/04/21 14:02:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/13 16:31:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/02 23:47:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/04/21 14:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/11/20 21:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/09 10:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/07/02 11:51:59 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/20 18:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/20 18:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://isearch.avg.com/?cid={D1E1E66B-09C0-42E2-9FAC-CAB67704104F}&mid=4d27b50357d247d68b6f1a671b6c1e32-ec7a1d4c2e9b3a9a0ad0219ec7c4e08c4f2893c9&lang=en&ds=yu012&pr=sa&d=2012-07-02 11:52:04&v=11.1.0.12&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://isearch.avg.com/?cid={D1E1E66B-09C0-42E2-9FAC-CAB67704104F}&mid=4d27b50357d247d68b6f1a671b6c1e32-ec7a1d4c2e9b3a9a0ad0219ec7c4e08c4f2893c9&lang=en&ds=yu012&pr=sa&d=2012-07-02 11:52:04&v=11.1.0.12&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.21_0\plugins/WajamNPAPI.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: npLauncher plugin (Enabled) = C:\Koramgame\GDOnline\npLauncher.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: QQ2011 (Enabled) = C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll
CHR - plugin: Tencent SSO Platform (Enabled) = C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.41\Bin\npSSOAxCtrlForPTLogin.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: \u817E\u8BAF\u89C6\u9891 (Enabled) = C:\Program Files (x86)\Tencent\QQLive\LiveOcx\npQQLive.dll
CHR - plugin: QQMusic (Enabled) = C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll
CHR - plugin: npQQPhotoDrawEx (Enabled) = C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ming-Ti\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Missing e = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.11.0_0\
CHR - Extension: YouTube = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: XKit = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnboehlfeemlfpefilcplpcjofkegnn\6.0_0\
CHR - Extension: Persona 4 Style Theme = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmjjgmbmbncodbkfkpglfkpmaelfdlm\1_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: Skype Click to Call = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: AVG Do Not Track = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Ming-Ti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/18 04:42:02 | 000,002,387 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 activate.adobe.com# Start of Entries made by A1C V1x0r's cs5 Activator
O1 - Hosts: 0.0.0.0 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 liverail.com
O1 - Hosts: 127.0.0.1 adotube.com
O1 - Hosts: 17 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O2 - BHO: (no name) - {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - No CLSID value found.
O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (SOSO工具栏) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll (TENCENT)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Shop to Win) - {3A90A078-4BB9-4568-9557-CDEEFCAE68A0} - C:\Program Files (x86)\Shop to Win 22\Shop to Win 22.dll (Shop To Win, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Tencent Browser Helper) - {46F9BE77-3DD9-0ECB-98F9-1793D13B9886} - C:\Program Files\Tencent\SSPlus\SAddr.dll (腾讯)
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\Program Files\Tencent\SSPlus\SSup.dll (腾讯)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Fantapper) - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll ()
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MyTools Class) - {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\MyTools\mytools.dll (MyTools)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SOSO工具栏) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll (TENCENT)
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Ming-Ti\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [QQIntl] C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSPANotify - Shortcut.lnk = C:\Users\Ming-Ti\Downloads\MSPANotify-0.4.1\MSPANotify.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: qq.com ([cache.tv] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivecaption] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivehabit] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivesearch] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([video_1] http in Trusted sites)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///D:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://sslpx-ccas01.edmc.edu/auth/taweb.cab (Cisco NAC Web Agent Control)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///D:/activeX/aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E12DEB8-939A-4C29-A01B-429A105846E8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB0B424B-A1EC-4E14-9608-4D23B7C425F2}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB0B424B-A1EC-4E14-9608-4D23B7C425F2}: NameServer = 4.2.2.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 19:33:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ming-Ti\Desktop\OTL.exe
[2012/07/18 14:29:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ming-Ti\Desktop\aswMBR.exe
[2012/07/18 09:01:18 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Audacity
[2012/07/18 05:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/18 05:00:51 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\AVG2012
[2012/07/17 23:16:53 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Malwarebytes
[2012/07/17 23:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/17 23:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/17 23:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/17 20:59:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/17 20:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/17 08:35:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/17 08:22:18 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anna
[2012/07/17 08:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anna
[2012/07/17 06:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DAZ
[2012/07/17 05:58:29 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2012/07/17 05:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2012/07/17 05:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2012/07/17 05:48:31 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\Documents\DAZ 3D
[2012/07/17 05:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2012/07/17 05:46:33 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\DAZ 3D
[2012/07/17 04:59:34 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\Desktop\DAZStudio_4.0.3.47_Win_bundle
[2012/07/16 23:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/15 23:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/07/15 23:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/07/15 23:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/15 22:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/15 22:59:17 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/15 22:59:17 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/15 22:58:43 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/15 22:58:43 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/15 22:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/15 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4game
[2012/07/15 16:28:29 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Blender Foundation
[2012/07/15 05:48:57 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\AnvSoft
[2012/07/15 05:48:45 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\MOVAVI
[2012/07/15 01:46:16 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Microsoft Games
[2012/07/15 00:15:47 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\ElevatedDiagnostics
[2012/07/13 18:59:25 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audition Online
[2012/07/13 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audition Online
[2012/07/13 18:09:46 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Skyrim
[2012/07/13 18:08:55 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Black_Tree_Gaming
[2012/07/13 18:05:20 | 2715,238,741 | ---- | C] (ProSiebenSat1Games) -- C:\Users\Ming-Ti\Desktop\SetupAudition.exe
[2012/07/13 08:05:15 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\Documents\110202][Digital Graffiti] Replicants
[2012/07/13 05:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/07/13 04:52:52 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\uTorrent
[2012/07/11 23:42:08 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\medit-1
[2012/07/11 23:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\medit
[2012/07/11 19:04:58 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\SingSong
[2012/07/11 03:20:15 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\Documents\LOCO
[2012/07/10 01:56:06 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\.techniclauncher
[2012/07/09 15:04:09 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\.minecraft
[2012/07/09 13:21:57 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Macromedia
[2012/07/07 23:19:40 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\Desktop\Themes
[2012/07/07 14:53:49 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Chromium
[2012/07/06 20:05:40 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/07/06 20:04:19 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\PMB Files
[2012/07/06 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Pando_Temp
[2012/07/06 20:02:43 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\assembly
[2012/07/06 20:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/07/06 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\InstallShield
[2012/07/06 19:58:40 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamez Aion
[2012/07/06 19:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamez Aion
[2012/07/06 19:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCsoft
[2012/07/05 15:53:08 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Reflection
[2012/07/05 13:03:22 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Apple Computer
[2012/07/05 13:03:22 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Apple Computer
[2012/07/04 13:22:20 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\gtk-2.0
[2012/07/03 22:37:40 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\vlc
[2012/07/03 20:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\beanfun! UK
[2012/07/03 20:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\beanfun!
[2012/07/03 18:18:02 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Apple
[2012/07/03 13:25:13 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\SYSTEMAX Software Development
[2012/07/03 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\IObit
[2012/07/03 13:05:45 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Tencent
[2012/07/03 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/03 12:51:32 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Google
[2012/07/03 12:50:42 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Mozilla
[2012/07/03 12:50:42 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Mozilla
[2012/07/03 12:41:09 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\CyberLink
[2012/07/03 12:41:08 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Hewlett-Packard
[2012/07/03 12:39:48 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Yahoo!
[2012/07/03 12:39:38 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Skype
[2012/07/03 12:38:50 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\WinRAR
[2012/07/03 12:27:02 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\AVG Secure Search
[2012/07/03 12:26:49 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Wacom
[2012/07/03 12:26:48 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Adobe
[2012/07/03 12:26:45 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Adobe
[2012/07/03 12:26:24 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/07/03 12:26:24 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Searches
[2012/07/03 12:26:24 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/07/03 12:26:24 | 000,000,000 | -H-D | C] -- C:\Users\Ming-Ti\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/07/03 12:26:06 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Identities
[2012/07/03 12:26:01 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Contacts
[2012/07/03 12:25:50 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\WTablet
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\AppData\Local\Temporary Internet Files
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\Templates
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\Start Menu
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\SendTo
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\Recent
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\PrintHood
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\NetHood
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\Documents\My Videos
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\Documents\My Pictures
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\Documents\My Music
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\My Documents
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\Local Settings
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\AppData\Local\History
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\Cookies
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\Application Data
[2012/07/03 12:25:48 | 000,000,000 | -HSD | C] -- C:\Users\Ming-Ti\AppData\Local\Application Data
[2012/07/03 12:25:47 | 000,000,000 | --SD | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Videos
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Saved Games
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Pictures
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Music
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Links
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Favorites
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Downloads
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Documents
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\Desktop
[2012/07/03 12:25:47 | 000,000,000 | R--D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/07/03 12:25:47 | 000,000,000 | -H-D | C] -- C:\Users\Ming-Ti\AppData
[2012/07/03 12:25:47 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Temp
[2012/07/03 12:25:47 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Microsoft Help
[2012/07/03 12:25:47 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Local\Microsoft
[2012/07/03 12:25:47 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Media Center Programs
[2012/07/03 12:25:47 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\AppData\Roaming\Macromedia
[2012/07/03 11:52:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LocalAppData%
[2012/07/03 11:30:24 | 000,024,408 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2012/07/03 10:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
[2012/07/03 10:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCFixer
[2012/07/03 10:22:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2012/07/03 10:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/07/03 10:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012/07/03 09:52:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/02 11:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/02 11:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/02 11:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/02 10:38:04 | 000,000,000 | -H-D | C] -- C:\e012b0bfc282bb9dec1ac0c1cd7087bb
[2012/07/02 10:37:58 | 000,333,216 | ---- | C] (Tencent) -- C:\Windows\SysWow64\MMInstaller.dll
[2012/07/02 10:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tencent
[2012/07/02 10:35:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent
[2012/07/02 10:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Tencent
[2012/07/02 10:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent
[2012/07/02 10:34:01 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\Documents\Tencent Files
[2012/07/02 10:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
[2012/07/01 18:52:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2012/06/25 16:46:01 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\Documents\Electronic Arts
[2012/06/25 13:44:51 | 017,063,192 | ---- | C] (Electronic Arts, Inc.) -- C:\Users\Ming-Ti\Desktop\OriginThinSetup.exe
[2012/06/25 12:35:49 | 000,000,000 | ---D | C] -- C:\Users\Ming-Ti\Desktop\Sims 3 mod
[2012/06/25 08:09:28 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/25 08:09:28 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/25 08:09:28 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/25 08:08:52 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/25 08:08:52 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/25 08:08:52 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/25 08:08:07 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/25 08:08:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/19 15:40:36 | 000,764,928 | ---- | C] (Mercenary Enclave Productions (http://syphor.ne1.net)) -- C:\Users\Ming-Ti\Desktop\Prismaticator.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/18 20:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/18 20:01:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1004UA.job
[2012/07/18 19:33:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ming-Ti\Desktop\OTL.exe
[2012/07/18 19:23:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1000UA.job
[2012/07/18 18:03:30 | 101,695,466 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/18 18:00:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/07/18 17:59:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 17:59:27 | 3214,045,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 14:29:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ming-Ti\Desktop\aswMBR.exe
[2012/07/18 06:09:46 | 000,040,302 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\sdsd.png
[2012/07/18 05:26:09 | 000,001,383 | ---- | M] () -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSPANotify - Shortcut.lnk
[2012/07/18 05:02:21 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/18 04:42:02 | 000,002,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/18 03:00:04 | 004,990,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/17 08:22:18 | 000,000,913 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\Anna.lnk
[2012/07/17 05:58:30 | 000,001,874 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\DAZ Studio 4 (64bit).lnk
[2012/07/17 05:58:30 | 000,000,180 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\Get 3D Models.url
[2012/07/17 00:53:47 | 000,061,227 | ---- | M] () -- C:\Users\Ming-Ti\.recently-used.xbel
[2012/07/16 23:34:17 | 000,000,229 | ---- | M] () -- C:\Users\Ming-Ti\.gtk-bookmarks
[2012/07/16 23:33:27 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/16 21:09:55 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1004Core.job
[2012/07/16 20:23:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1000Core.job
[2012/07/16 13:07:00 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Steven.job
[2012/07/15 22:58:04 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/15 22:58:04 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/15 05:51:48 | 000,782,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/15 05:51:48 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/15 05:51:48 | 000,122,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/13 19:59:11 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/07/13 18:34:49 | 2715,238,741 | ---- | M] (ProSiebenSat1Games) -- C:\Users\Ming-Ti\Desktop\SetupAudition.exe
[2012/07/13 04:53:38 | 000,000,969 | ---- | M] () -- C:\Users\Ming-Ti\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
[2012/07/12 09:09:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 09:09:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/12 07:01:46 | 000,281,738 | ---- | M] () -- C:\Users\Ming-Ti\Documents\IMG_12072012_090050.png
[2012/07/11 17:57:13 | 222,236,996 | ---- | M] () -- C:\Users\Ming-Ti\Documents\clip0038.avi
[2012/07/11 17:56:08 | 001,669,356 | ---- | M] () -- C:\Users\Ming-Ti\Documents\clip0037.avi
[2012/07/11 17:55:50 | 001,418,676 | ---- | M] () -- C:\Users\Ming-Ti\Documents\clip0036.avi
[2012/07/11 17:55:33 | 003,144,696 | ---- | M] () -- C:\Users\Ming-Ti\Documents\clip0035.avi
[2012/07/11 17:55:11 | 025,361,396 | ---- | M] () -- C:\Users\Ming-Ti\Documents\clip0034.avi
[2012/07/11 17:54:17 | 019,478,012 | ---- | M] () -- C:\Users\Ming-Ti\Documents\clip0033.avi
[2012/07/11 01:03:16 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\LOCO.lnk
[2012/07/11 00:51:46 | 1311,701,771 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\120626_LocoSetup_Live.exe
[2012/07/10 05:30:53 | 000,000,196 | ---- | M] () -- C:\Users\Public\Desktop\QQ.URL
[2012/07/09 22:36:17 | 000,146,091 | ---- | M] () -- C:\Users\Ming-Ti\Documents\flake11184239.png
[2012/07/07 01:51:08 | 000,001,973 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\GamezAion Launcher.lnk
[2012/07/05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/05 17:58:48 | 000,432,285 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/05 00:40:30 | 000,229,418 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\Untitled.png
[2012/07/04 13:18:26 | 000,139,534 | ---- | M] () -- C:\Users\Ming-Ti\Documents\Order #57643357 on Jul 4, 2012.pdf
[2012/07/03 13:11:55 | 000,000,692 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\MikuMikuDance - Shortcut.lnk
[2012/07/03 12:39:38 | 000,001,439 | ---- | M] () -- C:\Users\Ming-Ti\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/03 10:47:31 | 000,000,862 | ---- | M] () -- C:\Users\Ming-Ti\Documents\SmartPCFixer.lnk
[2012/07/03 10:39:47 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 10:39:47 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 02:19:29 | 000,175,550 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\im scared.png
[2012/07/02 12:11:29 | 000,000,063 | ---- | M] () -- C:\1.html
[2012/07/02 11:53:04 | 000,018,760 | ---- | M] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2012/06/27 18:22:35 | 000,060,641 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\l.jpg
[2012/06/25 22:55:55 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 3 High-End Loft Stuff.lnk
[2012/06/25 17:18:41 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 3 Pets.lnk
[2012/06/25 16:44:20 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 3.lnk
[2012/06/25 15:35:58 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCR100.dll
[2012/06/25 15:35:58 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP100.dll
[2012/06/25 13:45:31 | 017,063,192 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Ming-Ti\Desktop\OriginThinSetup.exe
[2012/06/25 12:39:12 | 000,001,401 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\FrameworkSetup.zip
[2012/06/23 15:40:38 | 000,018,092 | ---- | M] () -- C:\Users\Ming-Ti\Desktop\doodles.png
[2012/06/19 02:33:53 | 035,369,920 | ---- | M] () -- C:\Users\Ming-Ti\Documents\clip0032.avi
[2012/06/18 23:34:24 | 000,117,933 | ---- | M] () -- C:\Users\Ming-Ti\Documents\All.m3u
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/18 06:09:46 | 000,040,302 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\sdsd.png
[2012/07/18 05:26:09 | 000,001,383 | ---- | C] () -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSPANotify - Shortcut.lnk
[2012/07/18 05:02:21 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/17 08:22:18 | 000,000,913 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\Anna.lnk
[2012/07/17 08:21:57 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\00000008.@
[2012/07/17 08:21:57 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\80000032.@
[2012/07/17 08:21:57 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\80000064.@
[2012/07/17 08:21:57 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\L\00000004.@
[2012/07/17 08:21:56 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\80000000.@
[2012/07/17 08:21:56 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\00000004.@
[2012/07/17 08:21:56 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\000000cb.@
[2012/07/17 05:58:30 | 000,001,874 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\DAZ Studio 4 (64bit).lnk
[2012/07/17 05:58:30 | 000,000,180 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\Get 3D Models.url
[2012/07/17 00:53:47 | 000,061,227 | ---- | C] () -- C:\Users\Ming-Ti\.recently-used.xbel
[2012/07/16 23:34:17 | 000,000,229 | ---- | C] () -- C:\Users\Ming-Ti\.gtk-bookmarks
[2012/07/15 23:00:58 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/13 04:53:38 | 000,000,969 | ---- | C] () -- C:\Users\Ming-Ti\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
[2012/07/12 07:01:43 | 000,281,738 | ---- | C] () -- C:\Users\Ming-Ti\Documents\IMG_12072012_090050.png
[2012/07/11 17:56:36 | 222,236,996 | ---- | C] () -- C:\Users\Ming-Ti\Documents\clip0038.avi
[2012/07/11 17:56:02 | 001,669,356 | ---- | C] () -- C:\Users\Ming-Ti\Documents\clip0037.avi
[2012/07/11 17:55:47 | 001,418,676 | ---- | C] () -- C:\Users\Ming-Ti\Documents\clip0036.avi
[2012/07/11 17:55:31 | 003,144,696 | ---- | C] () -- C:\Users\Ming-Ti\Documents\clip0035.avi
[2012/07/11 17:55:06 | 025,361,396 | ---- | C] () -- C:\Users\Ming-Ti\Documents\clip0034.avi
[2012/07/11 17:53:47 | 019,478,012 | ---- | C] () -- C:\Users\Ming-Ti\Documents\clip0033.avi
[2012/07/11 01:03:16 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\LOCO.lnk
[2012/07/11 00:34:47 | 1311,701,771 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\120626_LocoSetup_Live.exe
[2012/07/10 05:30:53 | 000,000,196 | ---- | C] () -- C:\Users\Public\Desktop\QQ.URL
[2012/07/09 22:36:17 | 000,146,091 | ---- | C] () -- C:\Users\Ming-Ti\Documents\flake11184239.png
[2012/07/07 00:54:31 | 028,052,314 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\Items.pak
[2012/07/06 19:58:40 | 000,001,973 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\GamezAion Launcher.lnk
[2012/07/05 00:40:29 | 000,229,418 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\Untitled.png
[2012/07/04 13:18:26 | 000,139,534 | ---- | C] () -- C:\Users\Ming-Ti\Documents\Order #57643357 on Jul 4, 2012.pdf
[2012/07/03 13:11:55 | 000,000,692 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\MikuMikuDance - Shortcut.lnk
[2012/07/03 12:51:34 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1004UA.job
[2012/07/03 12:51:34 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1004Core.job
[2012/07/03 12:39:38 | 000,001,439 | ---- | C] () -- C:\Users\Ming-Ti\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/03 12:26:35 | 000,001,411 | ---- | C] () -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/07/03 12:26:27 | 000,001,445 | ---- | C] () -- C:\Users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/03 12:25:47 | 000,000,290 | ---- | C] () -- C:\Users\Ming-Ti\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/07/03 12:25:47 | 000,000,272 | ---- | C] () -- C:\Users\Ming-Ti\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/07/03 10:47:31 | 000,000,862 | ---- | C] () -- C:\Users\Ming-Ti\Documents\SmartPCFixer.lnk
[2012/07/03 10:22:57 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2012/07/03 02:19:28 | 000,175,550 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\im scared.png
[2012/07/02 10:33:37 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2012/06/27 18:22:38 | 000,060,641 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\l.jpg
[2012/06/25 22:55:55 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 3 High-End Loft Stuff.lnk
[2012/06/25 17:18:41 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 3 Pets.lnk
[2012/06/25 16:44:20 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 3.lnk
[2012/06/25 12:39:14 | 000,001,401 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\FrameworkSetup.zip
[2012/06/23 15:24:06 | 000,018,092 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\doodles.png
[2012/06/19 19:00:20 | 004,495,425 | ---- | C] () -- C:\Users\Ming-Ti\Desktop\LM.C - Oh My Juliet.mp3
[2012/06/19 02:33:12 | 035,369,920 | ---- | C] () -- C:\Users\Ming-Ti\Documents\clip0032.avi
[2012/06/18 23:34:24 | 000,117,933 | ---- | C] () -- C:\Users\Ming-Ti\Documents\All.m3u
[2012/05/02 19:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/04/29 15:02:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/03/09 20:29:46 | 001,570,851 | ---- | C] () -- C:\Users\Ming-Ti\Screen shot 2011-11-04 at 8.30.05 PM.png
[2012/03/09 20:29:46 | 001,357,464 | ---- | C] () -- C:\Users\Ming-Ti\Screen shot 2011-11-04 at 8.29.25 PM.png
[2012/03/09 20:29:46 | 001,290,064 | ---- | C] () -- C:\Users\Ming-Ti\Screen shot 2011-11-04 at 7.58.42 PM.png
[2012/03/09 20:29:46 | 001,283,603 | ---- | C] () -- C:\Users\Ming-Ti\Screen shot 2011-11-04 at 8.04.04 PM.png
[2012/03/09 20:28:12 | 002,231,297 | ---- | C] () -- C:\Users\Ming-Ti\98da2a1f9690730917d54170cefd2439.jpg
[2012/03/09 20:28:12 | 000,411,642 | ---- | C] () -- C:\Users\Ming-Ti\Konachan.com - 44122 sample.jpg
[2012/03/09 20:28:12 | 000,221,429 | ---- | C] () -- C:\Users\Ming-Ti\Konachan.com - 44123 blue hirobakar kagamine_len vocaloid.jpg
[2012/03/09 20:28:12 | 000,167,411 | ---- | C] () -- C:\Users\Ming-Ti\kagamine-len--kagamine-rin.jpg
[2012/01/18 18:39:59 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\@
[2012/01/09 18:14:54 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/09 18:14:54 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/26 01:25:57 | 000,005,104 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2011/12/02 22:02:46 | 000,777,054 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/06 23:39:58 | 000,070,656 | ---- | C] () -- C:\Windows\SysWow64\tmbvcm32.dll

========== LOP Check ==========

[2012/07/18 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\.minecraft
[2012/07/18 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\.techniclauncher
[2012/07/15 05:48:57 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\AnvSoft
[2012/07/18 10:48:11 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\Audacity
[2012/07/18 05:00:51 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\AVG2012
[2012/07/15 16:28:29 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\Blender Foundation
[2012/07/18 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\DAZ 3D
[2012/07/17 00:53:47 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\gtk-2.0
[2012/07/18 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\IObit
[2012/07/13 06:41:16 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\medit-1
[2012/07/15 05:48:45 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\MOVAVI
[2012/07/11 19:05:15 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\SingSong
[2012/07/03 13:25:13 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\SYSTEMAX Software Development
[2012/07/18 03:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\Tencent
[2012/07/18 20:09:54 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\uTorrent
[2012/07/03 12:26:49 | 000,000,000 | ---D | M] -- C:\Users\Ming-Ti\AppData\Roaming\Wacom
[2012/07/18 18:00:13 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2012/05/20 21:07:56 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/07/04 00:37:41 | 000,000,206 | R--- | M] ()(C:\Users\Public\Desktop\QQ??.url) -- C:\Users\Public\Desktop\QQ导航.url
[2012/07/04 00:37:41 | 000,000,206 | R--- | C] ()(C:\Users\Public\Desktop\QQ??.url) -- C:\Users\Public\Desktop\QQ导航.url
[2012/07/02 10:38:03 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

< End of report >
Quote:
OTL Extras logfile created on: 7/18/2012 7:52:56 PM - Run 5
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ming-Ti\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.37% Memory free
8.87 Gb Paging File | 6.92 Gb Available in Paging File | 78.05% Paging File free
Paging file location(s): c:\pagefile.sys 5000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 77.18 Gb Free Space | 16.57% Space Free | Partition Type: NTFS
Drive D: | 4.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STEVENPC | User Name: Ming-Ti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D5CE83C-BFDD-4668-8BCB-E8614334A657}" = Adobe Photoshop Lightroom 3.4 64-bit
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1" = SmartPCFixer 4.2
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.0000
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D5B46D30-F054-4C64-9C0F-97C8451E7D04}" = BtwMfcMM
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"AVG" = AVG 2012
"Blender" = Blender
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B49EC8A-A46A-40D4-A95E-4C2EB2C633EE}" = S4 League_EU
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims 3 Outdoor Living Stuff
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24E34264-D483-477C-A9A0-4E53F69834CF}" = Façade
"{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = Rusty Hearts PWE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50FED7F4-7189-4058-80B1-E846F79FD7B2}" = Babylon Toolbar
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67F7D625-2E32-481B-85E4-2D17F0E6778D}" = NaturalReader95
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AB416C2-4AEC-4967-A873-E2A3B404E6EC}" = SP45629 - Intel Chipset Installation Utility
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92A196AE-9B4D-499C-94D4-18FA2061B3CE}_is1" = Shop To Win
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AD9E5D61-0EBB-4472-8DA9-359560FB6988}}_is1" = O[tVh[
"{AEBB8347-FA28-4834-A9F6-C4CF125E325D}" = GDOnline
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B99690D5-0BD4-403B-98D9-D0E997239454}" = NaturalReaderFree
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims 3 Pets
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5C65509-1EAD-47E9-99DD-86410A064F8E}" = FlameReader
"{C8FAFAEE-94E2-43D9-8046-87F96D0FD7CF}" = Fantapper Player
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DA3592-87EA-457F-A254-6C0F1F1D6F1A}" = ILLUSION 箱-はこ-
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Dragon Age: Origins Character Creator
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD271FAB-2F69-6983-A6A4-828F357940C4}" = Livebrush Mini
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1ClickDownload" = 1ClickDownloader
"3D Ripper DX_is1" = 3D Ripper DX v1.8.1
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Any Video Converter_is1" = Any Video Converter 3.3.2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Audition Online1.2.6064" = Audition Online
"AVG Secure Search" = AVG Security Toolbar
"AviSynth" = AviSynth 2.5
"Bamboo Dock" = Bamboo Dock
"Beadz Games" = Beadz Games 1.0
"Belarc Advisor" = Belarc Advisor 8.2
"BOSS" = BOSS
"Canon RAW Codec" = Canon RAW Codec
"Chalk Toss Games" = Chalk Toss Games 1.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1" = Livebrush Mini
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4 (64bit) 4.0.3.47" = DAZ Studio 4 (64bit)
"DDS Converter 2.1" = DDS Converter 2.1
"DealBulldog Toolbar" = DealBulldog Toolbar
"DS4 Default Content 4.0.0.19" = DS4 Default Content
"Eden Eternal" = Eden Eternal
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV2PC_is1" = FLV2PC v5.9.0
"foobar2000" = foobar2000 v1.1.10
"Fraps" = Fraps
"Furcadia" = Furcadia
"Graboid Video" = Graboid Video 3.05
"HyperCam 2" = HyperCam 2
"iMesh" = iMesh
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Lime Odyssey" = Lime Odyssey
"LOCO" = LOCO EVOLUTION
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"McAfee Security Scan" = McAfee Security Scan Plus
"Mediaplayer Lite_is1" = Mediaplayer Lite v1.0
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Movavi Video Converter 11" = Movavi Video Converter 11
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyTools" = MyTools
"MyWebSearch bar Uninstall" = My Web Search (IWON)
"NSS" = Norton Security Scan
"Origin" = Origin
"Pangya" = Pangya (Ntreev SG Interactive)
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"Pesterchum" = PESTERCHUM
"PlayClaw" = PlayClaw
"qqlive" = 腾讯视频
"QQToolbar" = SOSO工具栏
"RaidCall" = RaidCall
"RealPlayer 15.0" = RealPlayer
"Shin Megami Tensei - Imagine Online" = Shin Megami Tensei - Imagine Online
"Skinamp" = Skinamp for Winamp 2.x (remove only)
"StartNow Toolbar" = StartNow Toolbar
"TBUpdate" = TBUpdate
"TeamViewer 7" = TeamViewer 7
"Tencent Browser Helper" = SOSO AddressBar Search
"Trickster Online" = Trickster Online
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrent" = Torrent
"Videora iPad Converter" = Videora iPad Converter 6
"VLC media player" = VLC media player 1.1.11
"VooMuuSA" = VooMuu
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WhiteSmoke Updater Service" = WhiteSmoke Updater Service
"WhiteSmoke_Bar Toolbar" = WhiteSmoke Bar Toolbar
"WhiteSmokeTranslator" = WhiteSmokeTranslator
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Wrye Bash" = Wrye Bash
"Xfire" = Xfire (remove only)
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NCsoft-Aion" = Aion

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/17/2012 2:22:14 PM | Computer Name = STEVENPC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 7/17/2012 3:22:14 PM | Computer Name = STEVENPC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 7/17/2012 4:22:14 PM | Computer Name = STEVENPC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 7/17/2012 5:22:14 PM | Computer Name = STEVENPC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 7/17/2012 6:22:14 PM | Computer Name = STEVENPC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 7/17/2012 7:22:15 PM | Computer Name = STEVENPC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 7/17/2012 8:22:15 PM | Computer Name = STEVENPC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 7/17/2012 9:22:15 PM | Computer Name = STEVENPC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 7/17/2012 10:41:30 PM | Computer Name = STEVENPC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/18/2012 12:13:36 AM | Computer Name = STEVENPC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/18/2012 6:01:18 AM | Computer Name = STEVENPC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/18/2012 8:28:23 AM | Computer Name = STEVENPC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ Media Center Events ]
Error - 6/14/2012 11:25:13 AM | Computer Name = STEVENPC | Source = MCUpdate | ID = 0
Description = 8:25:09 AM - Error connecting to the internet. 8:25:09 AM - Unable
to contact server..

Error - 6/30/2012 1:36:38 AM | Computer Name = STEVENPC | Source = MCUpdate | ID = 0
Description = 10:36:33 PM - Error connecting to the internet. 10:36:33 PM - Unable
to contact server..

Error - 6/30/2012 6:31:47 PM | Computer Name = STEVENPC | Source = MCUpdate | ID = 0
Description = 3:31:47 PM - Error connecting to the internet. 3:31:47 PM - Unable
to contact server..

Error - 6/30/2012 6:32:07 PM | Computer Name = STEVENPC | Source = MCUpdate | ID = 0
Description = 3:31:52 PM - Error connecting to the internet. 3:31:52 PM - Unable
to contact server..

Error - 6/30/2012 7:32:11 PM | Computer Name = STEVENPC | Source = MCUpdate | ID = 0
Description = 4:32:11 PM - Error connecting to the internet. 4:32:11 PM - Unable
to contact server..

Error - 6/30/2012 7:32:17 PM | Computer Name = STEVENPC | Source = MCUpdate | ID = 0
Description = 4:32:16 PM - Error connecting to the internet. 4:32:16 PM - Unable
to contact server..

Error - 6/30/2012 8:32:22 PM | Computer Name = STEVENPC | Source = MCUpdate | ID = 0
Description = 5:32:22 PM - Error connecting to the internet. 5:32:22 PM - Unable
to contact server..

Error - 6/30/2012 8:32:27 PM | Computer Name = STEVENPC | Source = MCUpdate | ID = 0
Description = 5:32:27 PM - Error connecting to the internet. 5:32:27 PM - Unable
to contact server..

Error - 6/30/2012 9:32:35 PM | Computer Name = STEVENPC | Source = MCUpdate | ID = 0
Description = 6:32:35 PM - Error connecting to the internet. 6:32:35 PM - Unable
to contact server..

Error - 6/30/2012 9:32:45 PM | Computer Name = STEVENPC | Source = MCUpdate | ID = 0
Description = 6:32:40 PM - Error connecting to the internet. 6:32:40 PM - Unable
to contact server..

[ System Events ]
Error - 5/8/2012 11:04:36 PM | Computer Name = STEVENPC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:02:10 PM on 5/8/2012 was unexpected.

Error - 5/8/2012 11:04:45 PM | Computer Name = STEVENPC | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%2

Error - 5/9/2012 8:58:01 PM | Computer Name = STEVENPC | Source = DCOM | ID = 10001
Description =

Error - 5/10/2012 1:32:53 AM | Computer Name = STEVENPC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avgwd service.

Error - 5/10/2012 8:34:30 PM | Computer Name = STEVENPC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 5/10/2012 8:58:03 PM | Computer Name = STEVENPC | Source = DCOM | ID = 10001
Description =

Error - 5/12/2012 12:43:03 AM | Computer Name = STEVENPC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:32:50 PM on 5/11/2012 was unexpected.

Error - 5/12/2012 12:43:15 AM | Computer Name = STEVENPC | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%2

Error - 5/12/2012 9:41:00 PM | Computer Name = STEVENPC | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%2

Error - 5/16/2012 4:57:16 AM | Computer Name = STEVENPC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >
Quote:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 16:00:58
-----------------------------
16:00:58.202 OS Version: Windows x64 6.1.7600
16:00:58.202 Number of processors: 8 586 0x1E05
16:00:58.202 ComputerName: STEVENPC UserName: Ming-Ti
16:01:00.712 Initialize success
16:02:14.189 AVAST engine defs: 12071800
17:57:56.874 The log file has been saved successfully to "C:\Users\Ming-Ti\Desktop\aswMBR.txt"

jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware.
Join Date: May 2011
19-Jul-2012, 07:29 AM #4
Hi,

No need to put your logs that are created in code/quote boxes.
----------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.
----------

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

If you are running Malwarebytes 1.6 or better, please disable it for the duration of this run.

To disable Malwarebytes
  • Open the scanner and select the Protection tab
  • Remove the tick from "Start Protection Module with Windows" as seen below


Once complete continue with the instructions...
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Services
    
    :Files
    C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------

In your next reply please post the logs made by OTL and ComboFix.
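As an added example (not a tool from this thread or from the OTL/ComboFix authors), a small Python triage check that walks a Windows\Installer folder for the layout the OTL fix above targets: a GUID-named folder holding "U" and "L" sub-folders. The sample tree it builds is constructed for the demo; the two GUIDs in it are taken from this thread's logs.

```python
"""Flag Windows\\Installer sub-folders laid out like the ZeroAccess folder
removed in this thread: a GUID-named folder containing 'U' and 'L' sub-folders.

Added example for this thread, not part of OTL or ComboFix.  The sample
tree below is constructed; on a live machine run the script elevated and
point it at the real Installer folder (see __main__).
"""
import re
import tempfile
from pathlib import Path

# {8-4-4-4-12} hex GUID folder name, the shape of the :Files entry in the fix.
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Sub-folder names OTL reported moving ("...\U" and "...\L").
SUSPECT_CHILDREN = {"U", "L"}


def suspicious_installer_dirs(installer_root):
    """Return GUID-named folders under installer_root that contain both a 'U'
    and an 'L' sub-folder.  Legitimate Windows\\Installer GUID folders hold
    cached .msi/.msp data and icons, not these two sub-folders, so a hit is
    worth a closer look rather than automatic deletion."""
    hits = []
    root = Path(installer_root)
    if not root.is_dir():          # missing path (or no permission) -> nothing to report
        return hits
    for entry in sorted(root.iterdir()):
        if not (entry.is_dir() and GUID_DIR.match(entry.name)):
            continue
        children = {c.name.upper() for c in entry.iterdir() if c.is_dir()}
        if SUSPECT_CHILDREN <= children:
            hits.append(str(entry))
    return hits


def build_sample_tree(base):
    """Constructed sample tree: one benign GUID folder (PDFCreator's GUID from
    the uninstall list), one folder shaped like the entry the thread removed,
    and one non-GUID folder that must be ignored.  Returns the expected hit."""
    base = Path(base)
    benign = base / "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}"
    benign.mkdir()
    (benign / "setup.msi").write_bytes(b"constructed placeholder, not a real MSI")
    suspect = base / "{c1d4325d-1fb2-7345-30c4-1b90493abfb3}"
    (suspect / "U").mkdir(parents=True)
    (suspect / "L").mkdir()
    (base / "NotAGuid").mkdir()
    return str(suspect)


def scan_sample_tree():
    """Build the constructed tree in a temp dir, scan it, and return
    (hits, expected_hit) so the result can be checked."""
    with tempfile.TemporaryDirectory() as tmp:
        expected = build_sample_tree(tmp)
        return suspicious_installer_dirs(tmp), expected


if __name__ == "__main__":
    hits, _ = scan_sample_tree()
    print("sample tree hits:", hits)
    # On a live Windows box (run as Administrator) check the real folder the fix targeted:
    print("live hits:", suspicious_installer_dirs(r"C:\Windows\Installer"))
```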
Trumi, Member with 10 posts, THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
19-Jul-2012, 08:22 AM #5
I'll remember that next time. Here are OTL and ComboFix.

OTL:
All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U folder moved successfully.
C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\L folder moved successfully.
C:\Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chateau
->Temp folder emptied: 131447 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 7197055 bytes
->Flash cache emptied: 56478 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 50254 bytes
->Temporary Internet Files folder emptied: 742894 bytes
->Flash cache emptied: 41620 bytes

User: Ming-Ti
->Temp folder emptied: 80155747 bytes
->Temporary Internet Files folder emptied: 69020134 bytes
->Java cache emptied: 6929606 bytes
->FireFox cache emptied: 9212968 bytes
->Google Chrome cache emptied: 383466136 bytes
->Flash cache emptied: 126531 bytes

User: Public

User: Steven

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4643302 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 36028370 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 570.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07192012_053916

Files\Folders moved on Reboot...
C:\Users\Ming-Ti\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\fla144.tmp not found!
C:\Windows\temp\master33691 moved successfully.

PendingFileRenameOperations files...
File C:\Users\Ming-Ti\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\fla144.tmp not found!
File C:\Windows\temp\master33691 not found!

Registry entries deleted on Reboot...

----------

ComboFix:
ComboFix 12-07-19.01 - Ming-Ti 07/19/2012 5:54.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2614 [GMT -7:00]
Running from: c:\users\Ming-Ti\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Brand Affinity Technologies
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_w3i20110531.crx
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_w3i20110531.xpi
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\update.msi
c:\program files (x86)\DealBulldog Toolbar
c:\program files (x86)\DealBulldog Toolbar\affid.dat
c:\program files (x86)\DealBulldog Toolbar\alert_plugin.dll
c:\program files (x86)\DealBulldog Toolbar\basis.xml
c:\program files (x86)\DealBulldog Toolbar\icons.bmp
c:\program files (x86)\DealBulldog Toolbar\info.txt
c:\program files (x86)\DealBulldog Toolbar\install.ico
c:\program files (x86)\DealBulldog Toolbar\MacroParserPlugin.dll
c:\program files (x86)\DealBulldog Toolbar\mbback.bmp
c:\program files (x86)\DealBulldog Toolbar\mbbigopen.bmp
c:\program files (x86)\DealBulldog Toolbar\mbclose.bmp
c:\program files (x86)\DealBulldog Toolbar\mbfwd.bmp
c:\program files (x86)\DealBulldog Toolbar\mbsep.bmp
c:\program files (x86)\DealBulldog Toolbar\nav1c.bmp
c:\program files (x86)\DealBulldog Toolbar\somoto.dll
c:\program files (x86)\DealBulldog Toolbar\TbCommonUtils.dll
c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll
c:\program files (x86)\DealBulldog Toolbar\tbcore3.inf
c:\program files (x86)\DealBulldog Toolbar\tbhelper.dll
c:\program files (x86)\DealBulldog Toolbar\TbHelper2.exe
c:\program files (x86)\DealBulldog Toolbar\uninstall.exe
c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
c:\program files (x86)\DealBulldog Toolbar\update.exe
c:\program files (x86)\DealBulldog Toolbar\version.txt
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\InstallNotifier.exe
c:\program files (x86)\Shop to Win\ShopToWin.exe
c:\program files (x86)\Shop to Win\TestFeeds\DisableStatus.xml
c:\program files (x86)\Shop to Win\TestFeeds\DisableStatusDirection.xml
c:\program files (x86)\Shop to Win\TestFeeds\GenericPopup.xml
c:\program files (x86)\Shop to Win\TestFeeds\MainStatus.xml
c:\program files (x86)\Shop to Win\TestFeeds\ShoppingConfirmation.xml
c:\program files (x86)\Shop to Win\unins000.dat
c:\program files (x86)\Shop to Win\unins000.exe
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ReactivateFF.exe
c:\program files (x86)\StartNow Toolbar\ReactivateIE.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\program files (x86)\VooMuu
c:\program files (x86)\VooMuu\bin\1.0.36.0\copyright.txt
c:\program files (x86)\VooMuu\bin\1.0.36.0\VooMuuSA.exe
c:\program files (x86)\VooMuu\bin\1.0.36.0\VooMuuSAHook.dll
c:\program files (x86)\VooMuu\bin\1.0.36.0\VooMuuUninstaller.exe
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\VooMuuSA
c:\programdata\VooMuuSA\VooMuuSA.dat
c:\programdata\VooMuuSA\VooMuuSA_kyf.dat
c:\programdata\VooMuuSA\VooMuuSAau.dat
c:\users\Ming-Ti\98da2a1f9690730917d54170cefd2439.jpg
c:\users\Ming-Ti\AppData\Local\assembly\tmp
c:\users\Ming-Ti\Documents\ShopToWin
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
-------\Service_FTSvc
-------\Service_Updater Service for StartNow Toolbar
-------\Service_FTSvc
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-19 13:06 . 2012-07-19 13:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-19 13:06 . 2012-07-19 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 12:39 . 2012-07-19 12:39 -------- d-----w- C:\_OTL
2012-07-19 12:36 . 2012-07-19 12:36 -------- d-----w- c:\program files (x86)\ERUNT
2012-07-18 12:00 . 2012-07-18 12:00 -------- d-----w- c:\users\Guest\AppData\Roaming\AVG2012
2012-07-18 06:16 . 2012-07-18 06:16 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 06:16 . 2012-07-18 10:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 03:56 . 2012-07-18 12:01 -------- d-----w- c:\programdata\AVG2012
2012-07-17 15:35 . 2012-07-18 10:49 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-17 15:22 . 2012-07-18 10:49 -------- d-----w- c:\program files (x86)\Anna
2012-07-17 13:03 . 2012-07-17 13:03 -------- d-----w- c:\program files (x86)\Common Files\DAZ
2012-07-17 12:58 . 2012-07-18 10:46 -------- d-----w- c:\programdata\DAZ 3D
2012-07-17 12:46 . 2012-07-18 10:46 -------- d-----w- c:\program files\DAZ 3D
2012-07-16 06:01 . 2012-07-18 10:49 -------- d-----w- c:\programdata\McAfee Security Scan
2012-07-16 06:00 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-07-16 06:00 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-16 05:59 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Oracle
2012-07-16 05:59 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-16 05:56 . 2012-07-16 05:56 -------- d-----w- c:\programdata\McAfee
2012-07-16 01:40 . 2012-07-18 14:50 -------- d-----w- c:\program files (x86)\4game
2012-07-14 01:48 . 2012-07-18 10:45 -------- d-----w- c:\program files (x86)\Audition Online
2012-07-13 12:04 . 2012-07-14 01:03 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-07-12 06:41 . 2012-07-18 14:47 -------- d-----w- c:\program files (x86)\medit
2012-07-09 20:23 . 2012-07-18 10:49 -------- d-----w- c:\users\Chateau
2012-07-07 02:58 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\NCsoft
2012-07-04 18:22 . 2012-07-18 10:46 -------- d-----w- c:\users\Steven
2012-07-04 03:36 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\beanfun!
2012-07-03 19:25 . 2012-07-19 13:05 -------- d-----w- c:\users\Ming-Ti
2012-07-03 18:52 . 2012-07-18 10:46 -------- d-----w- c:\windows\system32\%LocalAppData%
2012-07-03 18:30 . 2012-02-23 21:24 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-03 17:47 . 2012-07-18 10:46 -------- d-----w- c:\program files\SmartPCFixer
2012-07-03 17:22 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Uniblue
2012-07-03 17:22 . 2012-07-03 17:22 -------- dc-h--w- c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-07-03 16:52 . 2012-07-18 10:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-02 18:52 . 2012-07-18 10:46 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-02 18:52 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-02 18:51 . 2012-07-18 10:49 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-02 17:38 . 2012-07-02 19:11 -------- d-----w- C:\e012b0bfc282bb9dec1ac0c1cd7087bb
2012-07-02 17:37 . 2012-05-21 07:20 333216 ----a-w- c:\windows\SysWow64\MMInstaller.dll
2012-07-02 17:35 . 2012-07-18 10:46 -------- d-----w- c:\program files\Tencent
2012-07-02 17:34 . 2012-07-02 17:37 -------- d-----w- c:\programdata\Tencent
2012-07-02 17:34 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2012-07-02 17:34 . 2012-07-18 14:52 -------- d-----w- c:\program files (x86)\Tencent
2012-07-02 17:33 . 2012-07-02 18:53 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
2012-06-25 15:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 15:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 15:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 15:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 15:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 15:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 15:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 15:08 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 15:08 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 16:09 . 2012-04-14 19:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 16:09 . 2011-12-02 03:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2011-12-03 06:47 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-01 18:26 . 2011-05-24 03:56 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-01 18:26 . 2011-11-30 03:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-01 18:26 . 2011-05-24 03:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-01 18:26 . 2011-05-24 03:56 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-25 22:35 . 2010-03-18 16:15 770384 ----a-w- c:\windows\SysWow64\MSVCR100.dll
2012-06-25 22:35 . 2010-03-18 16:15 421200 ----a-w- c:\windows\SysWow64\MSVCP100.dll
2012-06-18 10:32 . 2012-06-18 10:32 1409 ----a-w- c:\windows\Fonts\fsex2p00_public.fot
2012-06-16 06:36 . 2011-11-30 03:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-16 06:36 . 2011-05-24 03:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-16 06:35 . 2011-11-30 03:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-16 06:35 . 2011-11-30 03:56 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-18 02:47 . 2012-06-15 13:42 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-15 13:42 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-15 13:42 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-15 13:42 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-15 13:42 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-15 13:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-15 13:42 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-15 13:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-15 13:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-15 13:42 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-15 13:42 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-15 13:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-15 13:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-15 13:42 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-15 13:42 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-15 13:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-15 13:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-15 13:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-15 13:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-15 09:38 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 22:28 . 2011-12-28 22:56 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-05-04 10:52 . 2012-06-15 09:38 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-15 09:38 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-15 09:38 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-05-02 05:32 . 2012-06-15 09:38 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-15 09:38 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-28 00:28 . 2012-04-28 01:12 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-04-26 05:34 . 2012-06-15 09:38 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-15 09:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-15 09:38 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-15 09:37 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-15 09:37 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-15 09:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-15 09:37 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-15 09:37 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-15 09:37 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-01-28 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-01-28 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 19:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{46F9BE77-3DD9-0ECB-98F9-1793D13B9886}]
2012-06-27 23:25 1404320 ----a-w- c:\program files\Tencent\SSPlus\SAddr.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\IMVU_Inc\prxtbIMVU.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-02 18:52 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\prxtbIMVU.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-02 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-07 574296]
"QQIntl"="c:\program files (x86)\Tencent\QQIntl\Bin\QQ.exe" [2012-07-02 128416]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-03 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-13 895376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-02 1107552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MSPANotify - Shortcut.lnk - c:\users\Ming-Ti\Downloads\MSPANotify-0.4.1\MSPANotify.exe [2012-7-16 410112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 iscFlash;iscFlash;c:\users\Steven\AppData\Local\Temp\7zSB6F0.tmp\iscflashx64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-13 121416]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 qkm;qkm;c:\koramgame\GDOnline\mqkwy64.sys [2012-02-04 48048]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-24 291328]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2011-12-09 47224]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [2012-07-06 89560]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-09 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-21 1255736]
R3 X6va005;X6va005;c:\users\Steven\AppData\Local\Temp\0057DA7.tmp [x]
R3 X6va006;X6va006;c:\users\Steven\AppData\Local\Temp\006F845.tmp [x]
R3 X6va008;X6va008;c:\users\Ming-Ti\AppData\Local\Temp\008F846.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-15 913752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-09 6583160]
S2 TBUpdate;Tencent Toolbar Update Service;c:\program files\Tencent\barupdate\TBUpdate.exe [2012-07-03 197536]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-09 528760]
S2 UpdaterService;WhiteSmoke Updater Service;c:\programdata\UpdaterService\wsupdsvc.exe [2012-04-29 549744]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-02 935008]
S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [2012-03-09 109064]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-14 32880]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 140712]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-22 84512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 16:09]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1004Core.job
- c:\users\Ming-Ti\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 19:51]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1004UA.job
- c:\users\Ming-Ti\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 19:51]
.
2012-07-16 c:\windows\Tasks\Norton Security Scan for Steven.job
- c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2011-12-23 09:45]
.
2012-07-19 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-07-03 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 19:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-24 487424]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 16395880]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF14418.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{CB0B424B-A1EC-4E14-9608-4D23B7C425F2}: NameServer = 4.2.2.1
TCP: Interfaces\{CB0B424B-A1EC-4E14-9608-4D23B7C425F2}\46C696E6B6: NameServer = 4.2.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://sslpx-ccas01.edmc.edu/auth/taweb.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
FF - ProfilePath - c:\users\Ming-Ti\AppData\Roaming\Mozilla\Firefox\Profiles\4fiohuq8.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={D1E1E66B-09C0-42E2-9FAC-CAB67704104F}&mid=4d27b50357d247d68b6f1a671b6c1e32-ec7a1d4c2e9b3a9a0ad0219ec7c4e08c4f2893c9&lang=en&ds=yu012&pr=sa&d=2012-07-02 11:52&v=11.1.0.12&sap=hp
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Ming-Ti\AppData\Local\Akamai\netsession_win.exe
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-VooMuuSA - c:\program files (x86)\VooMuu\bin\1.0.36.0\VooMuuUninstaller.exe
AddRemove-{92A196AE-9B4D-499C-94D4-18FA2061B3CE}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Steven\AppData\Local\Temp\0057DA7.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Steven\AppData\Local\Temp\006F845.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\Ming-Ti\AppData\Local\Temp\008F846.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:21,08,4a,87,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:ed,b8,9e,87,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:56,b0,46,84,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:22,6d,17,88,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\02\1f\15\05\19?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2012-07-19 06:16:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-19 13:16
.
Pre-Run: 80,174,125,056 bytes free
Post-Run: 79,650,013,184 bytes free
.
- - End Of File - - 776E5CDADF44DC75D8E521E4A26A5F1A
jeffce (Jeff)   jeffce is authorized to help remove malware.
Malware Removal Specialist with 1,727 posts.
Join Date: May 2011
20-Jul-2012, 08:10 AM #6
Hi,
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    ClearJavaCache::
    
    FCopy::
    c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll | c:\windows\SysWOW64\user32.dll
    
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
    mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: qq.com\cache.tv
    Trusted Zone: qq.com\qqlivecaption
    Trusted Zone: qq.com\qqlivehabit
    Trusted Zone: qq.com\qqlivesearch
    Trusted Zone: qq.com\video_1
    
    File::
    c:\program files (x86)\IMVU_Inc\prxtbIMVU.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{90b49673-5506-483e-b92b-ca0265bd9ca8}"=-
    [-HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 5"=-
    
    Driver::
    AdvancedSystemCareService5
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
Trumi
Member with 10 posts.
THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
20-Jul-2012, 08:58 AM #7
ComboFix 12-07-20.02 - Ming-Ti 07/20/2012 6:31.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2738 [GMT -7:00]
Running from: c:\users\Ming-Ti\Desktop\ComboFix.exe
Command switches used :: c:\users\Ming-Ti\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\IMVU_Inc\prxtbIMVU.dll"
"c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdvancedSystemCareService5
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 13:42 . 2012-07-20 13:42 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-20 13:42 . 2012-07-20 13:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-20 10:07 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-19 12:39 . 2012-07-19 12:39 -------- d-----w- C:\_OTL
2012-07-19 12:36 . 2012-07-19 12:36 -------- d-----w- c:\program files (x86)\ERUNT
2012-07-18 12:00 . 2012-07-18 12:00 -------- d-----w- c:\users\Guest\AppData\Roaming\AVG2012
2012-07-18 06:16 . 2012-07-18 06:16 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 06:16 . 2012-07-18 10:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 03:56 . 2012-07-18 12:01 -------- d-----w- c:\programdata\AVG2012
2012-07-17 15:35 . 2012-07-18 10:49 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-17 15:22 . 2012-07-18 10:49 -------- d-----w- c:\program files (x86)\Anna
2012-07-17 13:03 . 2012-07-17 13:03 -------- d-----w- c:\program files (x86)\Common Files\DAZ
2012-07-17 12:58 . 2012-07-18 10:46 -------- d-----w- c:\programdata\DAZ 3D
2012-07-17 12:46 . 2012-07-18 10:46 -------- d-----w- c:\program files\DAZ 3D
2012-07-16 06:01 . 2012-07-18 10:49 -------- d-----w- c:\programdata\McAfee Security Scan
2012-07-16 06:00 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-07-16 06:00 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-16 05:59 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Oracle
2012-07-16 05:59 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-16 05:56 . 2012-07-16 05:56 -------- d-----w- c:\programdata\McAfee
2012-07-16 01:40 . 2012-07-18 14:50 -------- d-----w- c:\program files (x86)\4game
2012-07-14 01:48 . 2012-07-18 10:45 -------- d-----w- c:\program files (x86)\Audition Online
2012-07-13 12:04 . 2012-07-14 01:03 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-07-12 06:41 . 2012-07-18 14:47 -------- d-----w- c:\program files (x86)\medit
2012-07-09 20:23 . 2012-07-18 10:49 -------- d-----w- c:\users\Chateau
2012-07-07 02:58 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\NCsoft
2012-07-04 18:22 . 2012-07-18 10:46 -------- d-----w- c:\users\Steven
2012-07-04 03:36 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\beanfun!
2012-07-03 19:25 . 2012-07-19 13:05 -------- d-----w- c:\users\Ming-Ti
2012-07-03 18:52 . 2012-07-18 10:46 -------- d-----w- c:\windows\system32\%LocalAppData%
2012-07-03 18:30 . 2012-02-23 21:24 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-03 17:47 . 2012-07-18 10:46 -------- d-----w- c:\program files\SmartPCFixer
2012-07-03 17:22 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Uniblue
2012-07-03 17:22 . 2012-07-03 17:22 -------- dc-h--w- c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-07-03 16:52 . 2012-07-18 10:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-02 18:52 . 2012-07-18 10:46 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-02 18:52 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-02 18:51 . 2012-07-18 10:49 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-02 17:38 . 2012-07-02 19:11 -------- d-----w- C:\e012b0bfc282bb9dec1ac0c1cd7087bb
2012-07-02 17:37 . 2012-05-21 07:20 333216 ----a-w- c:\windows\SysWow64\MMInstaller.dll
2012-07-02 17:35 . 2012-07-18 10:46 -------- d-----w- c:\program files\Tencent
2012-07-02 17:34 . 2012-07-02 17:37 -------- d-----w- c:\programdata\Tencent
2012-07-02 17:34 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2012-07-02 17:34 . 2012-07-18 14:52 -------- d-----w- c:\program files (x86)\Tencent
2012-07-02 17:33 . 2012-07-02 18:53 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
2012-06-25 15:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 15:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 15:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 15:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 15:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 15:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 15:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 15:08 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 15:08 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 16:09 . 2012-04-14 19:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 16:09 . 2011-12-02 03:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2011-12-03 06:47 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-01 18:26 . 2011-05-24 03:56 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-01 18:26 . 2011-11-30 03:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-01 18:26 . 2011-05-24 03:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-01 18:26 . 2011-05-24 03:56 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-25 22:35 . 2010-03-18 16:15 770384 ----a-w- c:\windows\SysWow64\MSVCR100.dll
2012-06-25 22:35 . 2010-03-18 16:15 421200 ----a-w- c:\windows\SysWow64\MSVCP100.dll
2012-06-18 10:32 . 2012-06-18 10:32 1409 ----a-w- c:\windows\Fonts\fsex2p00_public.fot
2012-06-16 06:36 . 2011-11-30 03:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-16 06:36 . 2011-05-24 03:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-16 06:35 . 2011-11-30 03:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-16 06:35 . 2011-11-30 03:56 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-13 22:28 . 2011-12-28 22:56 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-05-04 10:52 . 2012-06-15 09:38 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-15 09:38 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-15 09:38 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-05-02 05:32 . 2012-06-15 09:38 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-15 09:38 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-28 00:28 . 2012-04-28 01:12 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-04-26 05:34 . 2012-06-15 09:38 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-15 09:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-15 09:38 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-15 09:37 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-15 09:37 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-15 09:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-15 09:37 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-15 09:37 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-15 09:37 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-01-28 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-19_13.08.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-01 01:48 . 2011-11-17 05:35 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-07-17 17:42 . 2012-06-02 04:42 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-07-17 17:42 . 2012-06-02 04:48 22016 c:\windows\SysWOW64\secur32.dll
- 2012-02-01 01:48 . 2011-11-17 05:39 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-07-20 10:02 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-06-15 13:42 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-07-20 10:02 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-06-15 13:42 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-07-20 10:02 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-06-15 13:42 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-04-08 10:35 . 2012-07-20 10:14 65076 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-20 13:46 37060 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-07-20 10:02 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
- 2012-06-15 13:42 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll
+ 2012-07-20 10:02 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-06-15 13:42 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-07-20 10:02 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
- 2012-06-15 13:42 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll
+ 2012-07-17 17:42 . 2012-06-02 05:38 95088 c:\windows\system32\drivers\ksecdd.sys
- 2012-02-01 01:49 . 2011-11-17 07:17 95088 c:\windows\system32\drivers\ksecdd.sys
- 2012-04-08 07:05 . 2012-07-19 13:08 54594 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2012-04-08 07:05 . 2012-07-20 13:44 54594 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2011-04-08 09:29 . 2012-07-19 12:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-08 09:29 . 2012-07-20 10:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-19 12:48 . 2012-07-19 12:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-19 12:48 . 2012-07-20 10:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-19 12:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-20 10:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-19 06:08 . 2012-06-15 13:54 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2012-01-19 06:08 . 2012-06-15 13:54 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-01-19 06:08 . 2012-06-15 13:54 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-07-20 13:28 . 2011-07-20 13:28 54104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCANOST.EXE
+ 2011-07-20 13:28 . 2011-07-20 13:28 75624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RM.DLL
+ 2011-07-20 13:28 . 2011-07-20 13:28 38248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RECALL.DLL
+ 2011-05-27 03:18 . 2011-05-27 03:18 52088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLVBA.DLL
+ 2011-07-20 13:28 . 2011-07-20 13:28 34208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DUMPSTER.DLL
+ 2011-07-20 13:28 . 2011-07-20 13:28 87408 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DLGSETP.DLL
+ 2012-07-04 18:25 . 2012-07-20 13:46 5666 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4068807989-813300523-3891819274-1004_UserData.bin
+ 2012-07-20 13:44 . 2012-07-20 13:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-19 13:08 . 2012-07-19 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-19 13:08 . 2012-07-19 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-20 13:44 . 2012-07-20 13:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-15 13:42 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-20 10:02 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-17 17:42 . 2012-06-02 04:48 225280 c:\windows\SysWOW64\schannel.dll
- 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll
+ 2012-07-17 17:42 . 2012-06-02 04:47 219136 c:\windows\SysWOW64\ncrypt.dll
+ 2012-07-20 10:02 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll
- 2012-06-15 13:42 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-07-20 10:02 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-06-15 13:42 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-07-20 10:02 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
- 2012-06-15 13:42 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll
- 2009-07-14 04:54 . 2012-07-19 12:44 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-20 11:26 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-15 13:42 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll
+ 2012-07-20 10:02 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
- 2012-02-01 01:49 . 2011-11-17 07:10 340992 c:\windows\system32\schannel.dll
+ 2012-07-17 17:42 . 2012-06-02 05:27 340992 c:\windows\system32\schannel.dll
- 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll
+ 2012-07-17 17:42 . 2012-06-02 05:27 307200 c:\windows\system32\ncrypt.dll
+ 2012-07-20 10:02 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll
- 2012-06-15 13:42 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll
- 2012-06-15 13:42 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe
+ 2012-07-20 10:02 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
+ 2012-07-20 10:02 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
- 2012-06-15 13:42 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll
- 2012-02-01 01:49 . 2011-11-17 07:17 152432 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-07-17 17:42 . 2012-06-02 05:38 152432 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-07-17 17:42 . 2012-06-02 05:37 459216 c:\windows\system32\drivers\cng.sys
+ 2009-07-14 05:01 . 2012-07-20 13:43 485976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-19 13:07 485976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-20 10:10 . 2012-07-20 10:10 833308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4068807989-813300523-3891819274-1004-8192.dat
- 2012-01-19 06:08 . 2012-06-15 13:54 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2012-01-19 06:08 . 2012-06-15 13:54 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2012-01-19 06:08 . 2012-06-15 13:54 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2012-01-19 06:08 . 2012-06-15 13:54 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2012-01-19 06:08 . 2012-06-15 13:54 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2012-01-19 06:08 . 2012-06-15 13:54 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2012-01-19 06:08 . 2012-06-15 13:54 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-07-20 13:28 . 2011-07-20 13:28 282032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST64.DLL
+ 2011-07-20 13:28 . 2011-07-20 13:28 273832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST32.DLL
+ 2011-07-27 11:55 . 2011-07-27 11:55 410992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RTFHTML.DLL
+ 2011-07-20 14:06 . 2011-07-20 14:06 770480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\REGFORM.EXE
+ 2011-07-20 13:28 . 2011-07-20 13:28 421736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PSTPRX32.DLL
+ 2011-05-31 23:15 . 2011-05-31 23:15 177040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLPH.DLL
+ 2011-07-27 11:55 . 2011-07-27 11:55 596888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLMIME.DLL
+ 2011-05-27 03:18 . 2011-05-27 03:18 136536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLCTL.DLL
+ 2011-07-27 13:03 . 2011-07-27 13:03 194448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSXP32.DLL
+ 2011-07-27 13:03 . 2011-07-27 13:03 661888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSMAIN.DLL
+ 2011-07-20 13:28 . 2011-07-20 13:28 253824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLKFSTUB.DLL
+ 2011-07-20 13:28 . 2011-07-20 13:28 340320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MIMEDIR.DLL
+ 2012-03-29 03:54 . 2012-03-29 03:54 117160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPOMINT.DLL
+ 2011-07-20 14:06 . 2011-07-20 14:06 176024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPOLK.DLL
+ 2011-07-20 13:28 . 2011-07-20 13:28 138088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IMPMAIL.DLL
+ 2009-02-26 19:09 . 2009-02-26 19:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\ENVELOPE.DLL
+ 2011-05-27 03:18 . 2011-05-27 03:18 115584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\EMABLT32.DLL
+ 2011-07-27 11:55 . 2011-07-27 11:55 128376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\CONTAB32.DLL
+ 2012-07-20 10:13 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\7-20-2012\ERDNT.EXE
- 2012-03-29 03:54 . 2012-03-29 03:54 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2012-07-20 10:04 . 2012-07-20 10:04 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2012-07-20 10:02 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
- 2012-06-15 13:42 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-07-20 10:02 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-06-15 13:42 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-01-19 01:46 . 2010-12-21 05:36 1389568 c:\windows\SysWOW64\msxml6.dll
+ 2012-07-17 17:42 . 2012-06-06 05:09 1389568 c:\windows\SysWOW64\msxml6.dll
- 2012-01-19 01:46 . 2010-12-21 05:36 1236992 c:\windows\SysWOW64\msxml3.dll
+ 2012-07-17 17:42 . 2012-06-06 05:09 1236992 c:\windows\SysWOW64\msxml3.dll
+ 2012-07-20 10:02 . 2012-06-02 08:33 1800192 c:\windows\SysWOW64\jscript9.dll
- 2012-06-15 13:42 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll
+ 2012-07-20 10:02 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
- 2012-06-15 13:42 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll
- 2012-06-15 13:42 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-07-20 10:02 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2009-07-14 04:54 . 2012-07-20 11:26 2048000 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-19 12:44 2048000 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-15 13:42 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll
+ 2012-07-20 10:02 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
- 2012-06-15 13:42 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll
+ 2012-07-20 10:02 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
+ 2012-07-17 17:42 . 2012-06-06 05:50 2003968 c:\windows\system32\msxml6.dll
- 2012-01-19 01:46 . 2010-12-21 06:13 2003968 c:\windows\system32\msxml6.dll
+ 2012-07-17 17:42 . 2012-06-06 05:50 1880064 c:\windows\system32\msxml3.dll
- 2012-06-15 13:42 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll
+ 2012-07-20 10:02 . 2012-06-02 12:12 2311680 c:\windows\system32\jscript9.dll
+ 2012-07-20 10:02 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
- 2012-06-15 13:42 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2012-07-20 10:12 4990008 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-07-18 10:00 4990008 c:\windows\system32\FNTCACHE.DAT
+ 2012-07-04 08:45 . 2012-07-20 13:43 5074016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4068807989-813300523-3891819274-1004-12288.dat
+ 2012-05-30 14:18 . 2012-05-30 14:18 1739264 c:\windows\Installer\47b574c.msp
+ 2012-06-19 19:54 . 2012-06-19 19:54 2239488 c:\windows\Installer\47b5743.msp
+ 2012-06-19 19:54 . 2012-06-19 19:54 5009920 c:\windows\Installer\47b572d.msp
+ 2012-04-05 05:37 . 2012-04-05 05:37 2540544 c:\windows\Installer\47b5718.msp
+ 2012-04-05 05:37 . 2012-04-05 05:37 3149824 c:\windows\Installer\47b56f4.msp
- 2012-01-19 06:08 . 2012-06-15 13:54 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-01-19 06:08 . 2012-07-20 10:07 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2012-01-19 06:08 . 2012-06-15 13:54 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-07-27 11:55 . 2011-07-27 11:55 3004800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLMAPI32.DLL
+ 2011-07-27 12:09 . 2011-07-27 12:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2011-07-27 12:09 . 2011-07-27 12:09 5484416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPDESIGN.DLL
+ 2011-07-27 12:09 . 2011-07-27 12:09 1460088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\INFOPATH.EXE
+ 2012-07-20 10:13 . 2012-07-20 10:13 1470464 c:\windows\ERDNT\AutoBackup\7-20-2012\Users\00000002\UsrClass.dat
+ 2012-07-20 10:13 . 2012-07-20 10:13 2617344 c:\windows\ERDNT\AutoBackup\7-20-2012\Users\00000001\ntuser.dat
+ 2012-07-17 17:42 . 2012-06-09 04:46 12868608 c:\windows\SysWOW64\shell32.dll
+ 2012-07-20 10:02 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll
- 2012-06-15 13:42 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 04:54 . 2012-07-19 12:44 11304960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-20 11:26 11304960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-07-20 10:26 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-07-17 17:42 . 2012-06-09 05:30 14165504 c:\windows\system32\shell32.dll
+ 2012-07-20 10:02 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll
- 2012-06-15 13:42 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll
- 2012-06-15 13:42 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll
+ 2012-07-20 10:02 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll
+ 2012-05-30 14:18 . 2012-05-30 14:18 11885056 c:\windows\Installer\47b577b.msp
+ 2011-08-04 01:18 . 2011-08-04 01:18 12997488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLOOK.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 19:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{46F9BE77-3DD9-0ECB-98F9-1793D13B9886}]
2012-06-27 23:25 1404320 ----a-w- c:\program files\Tencent\SSPlus\SAddr.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-02 18:52 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-02 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"QQIntl"="c:\program files (x86)\Tencent\QQIntl\Bin\QQ.exe" [2012-07-02 128416]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-03 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-13 895376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-02 1107552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MSPANotify - Shortcut.lnk - c:\users\Ming-Ti\Downloads\MSPANotify-0.4.1\MSPANotify.exe [2012-7-16 410112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 iscFlash;iscFlash;c:\users\Steven\AppData\Local\Temp\7zSB6F0.tmp\iscflashx64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-13 121416]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 qkm;qkm;c:\koramgame\GDOnline\mqkwy64.sys [2012-02-04 48048]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-24 291328]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2011-12-09 47224]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [2012-07-06 89560]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-09 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-21 1255736]
R3 X6va005;X6va005;c:\users\Steven\AppData\Local\Temp\0057DA7.tmp [x]
R3 X6va006;X6va006;c:\users\Steven\AppData\Local\Temp\006F845.tmp [x]
R3 X6va008;X6va008;c:\users\Ming-Ti\AppData\Local\Temp\008F846.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-09 6583160]
S2 TBUpdate;Tencent Toolbar Update Service;c:\program files\Tencent\barupdate\TBUpdate.exe [2012-07-03 197536]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-09 528760]
S2 UpdaterService;WhiteSmoke Updater Service;c:\programdata\UpdaterService\wsupdsvc.exe [2012-04-29 549744]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-02 935008]
S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [2012-03-09 109064]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-14 32880]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 140712]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-22 84512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 16:09]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1004Core.job
- c:\users\Ming-Ti\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 19:51]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1004UA.job
- c:\users\Ming-Ti\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 19:51]
.
2012-07-20 c:\windows\Tasks\Norton Security Scan for Steven.job
- c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2011-12-23 09:45]
.
2012-07-20 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-07-03 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 19:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-24 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 16395880]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF9317.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{CB0B424B-A1EC-4E14-9608-4D23B7C425F2}: NameServer = 4.2.2.1
TCP: Interfaces\{CB0B424B-A1EC-4E14-9608-4D23B7C425F2}\46C696E6B6: NameServer = 4.2.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://sslpx-ccas01.edmc.edu/auth/taweb.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
FF - ProfilePath - c:\users\Ming-Ti\AppData\Roaming\Mozilla\Firefox\Profiles\4fiohuq8.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={D1E1E66B-09C0-42E2-9FAC-CAB67704104F}&mid=4d27b50357d247d68b6f1a671b6c1e32-ec7a1d4c2e9b3a9a0ad0219ec7c4e08c4f2893c9&lang=en&ds=yu012&pr=sa&d=2012-07-02 11:52&v=11.1.0.12&sap=hp
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Steven\AppData\Local\Temp\0057DA7.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Steven\AppData\Local\Temp\006F845.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\Ming-Ti\AppData\Local\Temp\008F846.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4068807989-813300523-3891819274-1004\Software\SecuROM\License information*]
"datasecu"=hex:c2,9b,a8,d5,ff,34,0c,8d,a8,da,43,7f,e9,ad,ea,b1,2e,8b,cc,c1,83,
60,32,d6,ab,98,e7,03,0a,97,f3,50,f0,ee,06,e6,17,5a,1e,4b,da,38,ab,cf,73,e0, \
"rkeysecu"=hex:14,03,a4,25,64,92,b7,ea,61,f6,b5,af,0e,39,52,ee
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:21,08,4a,87,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:ed,b8,9e,87,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:56,b0,46,84,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:22,6d,17,88,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\02\1f\15\05\19?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2012-07-20 06:52:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 13:52
ComboFix2.txt 2012-07-19 13:16
.
Pre-Run: 91,073,351,680 bytes free
Post-Run: 90,928,418,816 bytes free
.
- - End Of File - - 1419EDFF231334530869B22848C58ED4
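Two parts of the ComboFix log above carry most of the signal for a responder: the policies\system block (UAC is switched off: EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, so an administrator account runs every installer with a full token and nothing prompts before a write into System32) and the service/driver list, where several entries have an ImagePath in a user's Temp folder, an extension that is not .sys/.exe/.dll, or the [x] marker ComboFix uses when the file no longer exists on disk. The script below is an added example, my code rather than the thread's or ComboFix's own, that parses those two blocks and flags such entries. The sample lines are copied from the log; the "user-writable directory" and "expected extension" rules are my assumed heuristics, not ComboFix logic.

```python
"""
Triage of the "Reg Loading Points" section of a ComboFix log: flag
services, drivers and Run entries whose image is missing, lives in a
user-writable directory, or has an odd extension, and read back the UAC
policy block. Added example, not part of the thread or of ComboFix; the
sample lines below are copied from the log posted above.
"""
import ntpath
import re

# Constructed sample: a subset of the lines from the posted ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 X6va005;X6va005;c:\users\Steven\AppData\Local\Temp\0057DA7.tmp [x]
R3 X6va008;X6va008;c:\users\Ming-Ti\AppData\Local\Temp\008F846.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
S2 UpdaterService;WhiteSmoke Updater Service;c:\programdata\UpdaterService\wsupdsvc.exe [2012-04-29 549744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
"combofix"="c:\combofix\CF9317.3XE" [2009-07-14 344576]
"""

# "R3 name;display name;path [date size]", or "[x]" when the file is missing.
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[(.*)\]$')
# Run-key entries: "name"="path" [date size]
RUN_RE = re.compile(r'^"([^"]+)"="(.+?)" \[(.*)\]$')
# UAC policy values: "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-fA-F]+\)$')

# Directories an ordinary user can write to; a service or driver image
# there is a lead worth checking (assumed heuristic, not a ComboFix rule).
SUSPECT_DIRS = ('\\appdata\\local\\temp\\', '\\programdata\\', '\\users\\')
EXPECTED_EXT = ('.sys', '.exe', '.dll')


def parse_uac(log_text):
    """Return the UAC policy values present in the log as {name: int}."""
    policy = {}
    for line in log_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policy[m.group(1)] = int(m.group(2))
    return policy


def uac_findings(policy):
    """Explain why each weakened UAC value matters."""
    findings = []
    if policy.get('EnableLUA') == 0:
        findings.append('EnableLUA=0: UAC is off; admin logons run with a full token')
    if policy.get('ConsentPromptBehaviorAdmin') == 0:
        findings.append('ConsentPromptBehaviorAdmin=0: elevation without any prompt')
    if policy.get('PromptOnSecureDesktop') == 0:
        findings.append('PromptOnSecureDesktop=0: prompts appear on the normal desktop')
    return findings


def flag_path(path, meta, is_service):
    """Return the reasons (possibly none) to look twice at one entry."""
    reasons = []
    low = path.lower()
    if meta.strip() == 'x':
        reasons.append('image file not found on disk ([x])')
    if is_service and any(d in low for d in SUSPECT_DIRS):
        reasons.append('service/driver image in a user-writable directory')
    ext = ntpath.splitext(low)[1]
    if ext not in EXPECTED_EXT:
        reasons.append(f'unusual image extension {ext!r}')
    return reasons


def triage(log_text):
    """Return [(entry_name, path, reasons)] for every entry that raised a flag."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, path, meta = m.groups()
            reasons = flag_path(path, meta, is_service=True)
        else:
            m = RUN_RE.match(line)
            if not m:
                continue
            name, path, meta = m.groups()
            reasons = flag_path(path, meta, is_service=False)
        if reasons:
            hits.append((name, path, reasons))
    return hits


if __name__ == '__main__':
    for finding in uac_findings(parse_uac(SAMPLE_LOG)):
        print('UAC:', finding)
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f'{name}: {path}')
        for r in reasons:
            print('   -', r)
```

Two caveats when reading the output. A missing .tmp driver under a user's Temp folder is a lead, not a verdict: game anti-cheat and installer helpers register exactly this kind of throwaway driver and then delete the file, so the entry has to be checked against what the user installed. And the "combofix" Run entry with its .3XE extension is ComboFix registering itself to survive the reboot, a known benign hit that any extension-based rule will produce.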
jeffce (Jeff), Malware Removal Specialist, authorized to help remove malware
20-Jul-2012, 10:38 AM #8
Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
----------
Trumi, thread starter
21-Jul-2012, 10:56 AM #9
Malwarebytes


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ming-Ti :: STEVENPC [administrator]

Protection: Disabled

7/20/2012 8:56:55 PM
mbam-log-2012-07-20 (21-00-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249051
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 2
C:\ProgramData\UpdaterService\wsupdsvc.exe (PUP.BundleInstaller.IB) -> 2912 -> No action taken.
C:\ProgramData\UpdaterService\wsupdsvc.exe (PUP.BundleInstaller.IB) -> 2976 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKLM\SYSTEM\CurrentControlSet\Services\UpdaterService (PUP.BundleInstaller.IB) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke Updater Service (PUP.BundleInstaller.IB) -> No action taken.
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> No action taken.
HKCR\Typelib\{B1A7C2CF-BF40-4597-8142-7615D74D0CC3} (Trojan.Agent) -> No action taken.
HKCR\Interface\{3084BC3D-C0D6-4A28-A8A4-5857165886EE} (Trojan.Agent) -> No action taken.
HKCR\CLSID\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> No action taken.
HKLM\SOFTWARE\VooMuu (Adware.HotBar.VM) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VooMuuSA (Adware.HotBar.VM) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> Data: SOSO工具栏 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\ProgramData\UpdaterService\wsupdsvc.exe (PUP.BundleInstaller.IB) -> No action taken.
C:\Program Files\Tencent\QQToolbar\IEBar.dll (Trojan.Agent) -> No action taken.
C:\Users\Ming-Ti\Downloads\SoftonicDownloader_for_speaker.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\Ming-Ti\Downloads\SoftonicDownloader_for_sumotori-dreams.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\Ming-Ti\Downloads\WhiteSmokeWriter8940_en.exe (Trojan.Downloader) -> No action taken.

(end)
------

Eset


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5bfbb8548cf0194490f1d1f0202f77bd
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-21 07:34:20
# local_time=2012-07-21 12:34:20 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 39666183 94387684 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=548435
# found=30
# cleaned=0
# scan_time=11826
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\WhiteSmokeTranslator\WSRegistrationDictMode.exe probably a variant of Win32/WhiteSmoke application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\index.html HTML/WhiteSmoke application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\UpdaterService\wsupdsvc.exe a variant of Win32/Obfuscated.NEU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\DealBulldog Toolbar\UninstallToolbar.exe.vir Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ReactivateIE.exe.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\VooMuu\bin\1.0.36.0\VooMuuSA.exe.vir probably a variant of Win32/Adware.180Solutions application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\VooMuu\bin\1.0.36.0\VooMuuSAHook.dll.vir a variant of Win32/Adware.180Solutions application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\VooMuu\bin\1.0.36.0\VooMuuUninstaller.exe.vir a variant of Win32/Adware.HotBar.E application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\UpdaterService\wsupdsvc.exe a variant of Win32/Obfuscated.NEU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ming-Ti\AppData\LocalLow\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ming-Ti\Downloads\CheatEngine61.exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ming-Ti\Downloads\cnet2_rpc412_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ming-Ti\Downloads\SoftonicDownloader_for_speaker.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ming-Ti\Downloads\SoftonicDownloader_for_sumotori-dreams.exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ming-Ti\Downloads\WhiteSmokeWriter8940_en.exe a variant of Win32/TrojanDownloader.FraudLoad.NAH trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\07192012_053916\C_Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\00000008.@ Win64/Agent.BA trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\07192012_053916\C_Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\80000000.@ Win64/Sirefef.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\07192012_053916\C_Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\07192012_053916\C_Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\80000064.@ Win64/Sirefef.AN trojan (unable to clean) 00000000000000000000000000000000 I
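The ESET log above reports found=30 and cleaned=0, which is by design: the scan was run with "Remove found threats" unchecked (remove_checked=false), so every line says "unable to clean". What matters for the next step is which of the 30 are still live. Many of them sit under C:\Qoobox\Quarantine (ComboFix's quarantine) or C:\_OTL\MovedFiles (OTL's), i.e. they were already removed and only confirm what the earlier tools took out, including the patched Services.exe.vir and the Sirefef files from the Installer\{GUID}\U folder. ESET also reports the same wsupdsvc.exe twice, once as C:\ProgramData\... and once as C:\Users\All Users\..., because on Windows 7 the latter is a junction to the former. The script below is an added example, my code rather than the thread's or ESET's, that parses result lines of this format, folds the junction, separates quarantine-folder hits from live ones, and splits the live ones into trojans and "application" (potentially unwanted) detections. The sample lines are copied from the posted log; the quarantine directory names are taken from the paths in it.

```python
"""
Triage of an ESET Online Scanner log: separate live filesystem hits from
copies that earlier tools had already moved into quarantine, fold the
All Users junction onto ProgramData, and split what remains into trojans
and "application" (potentially unwanted) detections. Added example, not
part of the thread or of ESET; the sample lines are copied from the log
posted above.
"""
import re

# Constructed sample: eight lines taken from the posted ESET log.
SAMPLE_ESET = r"""
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\UpdaterService\wsupdsvc.exe a variant of Win32/Obfuscated.NEU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\UpdaterService\wsupdsvc.exe a variant of Win32/Obfuscated.NEU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\07192012_053916\C_Windows\Installer\{c1d4325d-1fb2-7345-30c4-1b90493abfb3}\U\80000000.@ Win64/Sirefef.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ming-Ti\Downloads\WhiteSmokeWriter8940_en.exe a variant of Win32/TrojanDownloader.FraudLoad.NAH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\WhiteSmokeTranslator\WSRegistrationDictMode.exe probably a variant of Win32/WhiteSmoke application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Ming-Ti\Downloads\CheatEngine61.exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
"""

# One result line: <path> <detection name> (<action>) <32-hex field> <flag>
ESET_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) '
    r'(?P<detection>(?:probably a variant of |a variant of )?\S+ (?P<kind>application|trojan)) '
    r'\((?P<action>[^)]*)\) (?P<field>[0-9a-fA-F]{32}) (?P<flag>\S)$'
)

# Where ComboFix (Qoobox) and OTL (_OTL\MovedFiles) park what they remove.
QUARANTINE_DIRS = ('\\qoobox\\quarantine\\', '\\_otl\\movedfiles\\')


def canonical(path):
    """Lower-case the path and fold the All Users junction onto ProgramData."""
    low = path.lower()
    return low.replace('c:\\users\\all users\\', 'c:\\programdata\\')


def parse_eset(text):
    """Parse result lines into dicts; header lines starting with '#' are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ESET_RE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry['quarantined'] = any(q in entry['path'].lower() for q in QUARANTINE_DIRS)
        entry['canonical'] = canonical(entry['path'])
        entries.append(entry)
    return entries


def summarize(entries):
    """Split detections into live trojans, live PUAs and already-quarantined copies."""
    seen = set()
    live_trojans, live_pua, quarantined = [], [], []
    for e in entries:
        if e['canonical'] in seen:      # same file reached through two paths
            continue
        seen.add(e['canonical'])
        if e['quarantined']:
            quarantined.append(e['path'])
        elif e['kind'] == 'trojan':
            live_trojans.append(e['path'])
        else:
            live_pua.append(e['path'])
    return {'live_trojans': live_trojans,
            'live_pua': live_pua,
            'already_quarantined': quarantined}


if __name__ == '__main__':
    for bucket, paths in summarize(parse_eset(SAMPLE_ESET)).items():
        print(f'{bucket} ({len(paths)}):')
        for p in paths:
            print('   ', p)
```

The live, non-quarantine paths are the ones worth handing to a removal step; the quarantine-folder hits need no action beyond eventually deleting the quarantine itself. ESET's "application" label is its potentially-unwanted category, which only appears because "Scan unwanted applications" was ticked as instructed; those entries (bundled toolbars, registry cleaners, download wrappers) are usually uninstalled rather than quarantined.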
jeffce (Jeff), Malware Removal Specialist, authorized to help remove malware
21-Jul-2012, 09:06 PM #10
Hi,

Please run Malwarebytes again and remove all the entries that are found and post the new log.
-------------
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    ClearJavaCache::
    
    File::
    C:\Program Files (x86)\WhiteSmokeTranslator\WSRegistrationDictMode.exe	
    C:\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\index.html	
    C:\ProgramData\UpdaterService\wsupdsvc.exe	
    C:\Users\All Users\UpdaterService\wsupdsvc.exe	
    C:\Users\Ming-Ti\AppData\LocalLow\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe	
    C:\Users\Ming-Ti\Downloads\CheatEngine61.exe	
    C:\Users\Ming-Ti\Downloads\WhiteSmokeWriter8940_en.exe
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.
----------

In your next reply please post the logs made by Malwarebytes, ComboFix and Security Check. Also let me know how your system is running.
Trumi
Member with 10 posts.
THREAD STARTER
Join Date: Jul 2012
Experience: Intermediate
22-Jul-2012, 06:39 AM #11
My computer's been running great since the first scan/fix! When I did the second one I didn't realize there were so many other problems. n n; Thanks for your help by the way.

ComboFix:

ComboFix 12-07-21.01 - Ming-Ti 07/22/2012 4:09.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2447 [GMT -7:00]
Running from: c:\users\Ming-Ti\Desktop\ComboFix.exe
Command switches used :: c:\users\Ming-Ti\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\index.html"
"c:\program files (x86)\WhiteSmokeTranslator\WSRegistrationDictMode.exe"
"c:\programdata\UpdaterService\wsupdsvc.exe"
"c:\users\All Users\UpdaterService\wsupdsvc.exe"
"c:\users\Ming-Ti\AppData\LocalLow\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe"
"c:\users\Ming-Ti\Downloads\CheatEngine61.exe"
"c:\users\Ming-Ti\Downloads\WhiteSmokeWriter8940_en.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 11:21 . 2012-07-22 11:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-22 11:21 . 2012-07-22 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 17:52 . 2012-07-21 17:52 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-07-21 17:52 . 2012-07-21 17:52 -------- d-----w- c:\programdata\SplitMediaLabs
2012-07-21 04:12 . 2012-07-21 04:12 -------- d-----w- c:\program files (x86)\ESET
2012-07-21 03:56 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 10:07 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-19 12:39 . 2012-07-19 12:39 -------- d-----w- C:\_OTL
2012-07-19 12:36 . 2012-07-19 12:36 -------- d-----w- c:\program files (x86)\ERUNT
2012-07-18 12:00 . 2012-07-18 12:00 -------- d-----w- c:\users\Guest\AppData\Roaming\AVG2012
2012-07-18 06:16 . 2012-07-18 06:16 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 06:16 . 2012-07-21 03:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 03:56 . 2012-07-18 12:01 -------- d-----w- c:\programdata\AVG2012
2012-07-17 15:35 . 2012-07-18 10:49 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-17 15:22 . 2012-07-18 10:49 -------- d-----w- c:\program files (x86)\Anna
2012-07-17 13:03 . 2012-07-17 13:03 -------- d-----w- c:\program files (x86)\Common Files\DAZ
2012-07-17 12:58 . 2012-07-18 10:46 -------- d-----w- c:\programdata\DAZ 3D
2012-07-17 12:46 . 2012-07-18 10:46 -------- d-----w- c:\program files\DAZ 3D
2012-07-16 06:01 . 2012-07-18 10:49 -------- d-----w- c:\programdata\McAfee Security Scan
2012-07-16 06:00 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-07-16 06:00 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-16 05:59 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Oracle
2012-07-16 05:59 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-16 05:56 . 2012-07-16 05:56 -------- d-----w- c:\programdata\McAfee
2012-07-16 01:40 . 2012-07-18 14:50 -------- d-----w- c:\program files (x86)\4game
2012-07-14 01:48 . 2012-07-18 10:45 -------- d-----w- c:\program files (x86)\Audition Online
2012-07-13 12:04 . 2012-07-14 01:03 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-07-12 06:41 . 2012-07-18 14:47 -------- d-----w- c:\program files (x86)\medit
2012-07-09 20:23 . 2012-07-18 10:49 -------- d-----w- c:\users\Chateau
2012-07-07 02:58 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\NCsoft
2012-07-04 18:22 . 2012-07-18 10:46 -------- d-----w- c:\users\Steven
2012-07-04 03:36 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\beanfun!
2012-07-03 19:25 . 2012-07-19 13:05 -------- d-----w- c:\users\Ming-Ti
2012-07-03 18:52 . 2012-07-18 10:46 -------- d-----w- c:\windows\system32\%LocalAppData%
2012-07-03 18:30 . 2012-02-23 21:24 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-03 17:47 . 2012-07-18 10:46 -------- d-----w- c:\program files\SmartPCFixer
2012-07-03 17:22 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Uniblue
2012-07-03 17:22 . 2012-07-03 17:22 -------- dc-h--w- c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-07-03 16:52 . 2012-07-18 10:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-02 18:52 . 2012-07-18 10:46 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-02 18:52 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-02 18:51 . 2012-07-18 10:49 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-02 17:38 . 2012-07-02 19:11 -------- d-----w- C:\e012b0bfc282bb9dec1ac0c1cd7087bb
2012-07-02 17:37 . 2012-05-21 07:20 333216 ----a-w- c:\windows\SysWow64\MMInstaller.dll
2012-07-02 17:35 . 2012-07-18 10:46 -------- d-----w- c:\program files\Tencent
2012-07-02 17:34 . 2012-07-02 17:37 -------- d-----w- c:\programdata\Tencent
2012-07-02 17:34 . 2012-07-18 10:46 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2012-07-02 17:34 . 2012-07-18 14:52 -------- d-----w- c:\program files (x86)\Tencent
2012-07-02 17:33 . 2012-07-02 18:53 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
2012-06-25 15:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 15:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 15:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 15:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 15:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 15:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 15:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 15:08 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 15:08 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 16:09 . 2012-04-14 19:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 16:09 . 2011-12-02 03:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2011-12-03 06:47 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-01 18:26 . 2011-05-24 03:56 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-01 18:26 . 2011-11-30 03:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-01 18:26 . 2011-05-24 03:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-01 18:26 . 2011-05-24 03:56 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-25 22:35 . 2010-03-18 16:15 770384 ----a-w- c:\windows\SysWow64\MSVCR100.dll
2012-06-25 22:35 . 2010-03-18 16:15 421200 ----a-w- c:\windows\SysWow64\MSVCP100.dll
2012-06-18 10:32 . 2012-06-18 10:32 1409 ----a-w- c:\windows\Fonts\fsex2p00_public.fot
2012-06-16 06:36 . 2011-11-30 03:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-16 06:36 . 2011-05-24 03:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-16 06:35 . 2011-11-30 03:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-16 06:35 . 2011-11-30 03:56 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-13 22:28 . 2011-12-28 22:56 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-05-04 10:52 . 2012-06-15 09:38 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-15 09:38 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-15 09:38 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-05-02 05:32 . 2012-06-15 09:38 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-15 09:38 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-28 00:28 . 2012-04-28 01:12 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-04-26 05:34 . 2012-06-15 09:38 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-15 09:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-15 09:38 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-15 09:37 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-15 09:37 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-15 09:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-15 09:37 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-15 09:37 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-15 09:37 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-01-28 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-07-20_13.45.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-08 10:35 . 2012-07-22 10:44 65292 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-22 10:44 37296 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-08 07:05 . 2012-07-22 10:41 54594 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2012-04-08 07:05 . 2012-07-20 13:44 54594 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2011-04-08 09:29 . 2012-07-20 10:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-08 09:29 . 2012-07-22 10:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-19 12:48 . 2012-07-20 10:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-19 12:48 . 2012-07-22 10:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-22 10:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-20 10:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-21 17:52 . 2012-07-21 17:52 14534 c:\windows\Installer\{15C49338-59E5-472E-94F7-D5AE15EE23C9}\SystemFolder_msiexec.exe
+ 2012-07-04 18:25 . 2012-07-22 10:44 6252 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4068807989-813300523-3891819274-1004_UserData.bin
+ 2012-07-22 10:40 . 2012-07-22 10:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-20 13:44 . 2012-07-20 13:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-20 13:44 . 2012-07-20 13:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-22 10:40 . 2012-07-22 10:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-21 17:52 . 2012-07-21 17:52 9662 c:\windows\Installer\{15C49338-59E5-472E-94F7-D5AE15EE23C9}\XSplit.Core.exe
+ 2009-07-14 04:54 . 2012-07-22 10:40 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-20 11:26 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-07-20 13:43 485976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-21 20:26 485976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-02 01:13 . 2012-06-02 01:13 886272 c:\windows\Installer\30a6634.msi
+ 2012-07-22 10:42 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\7-22-2012\ERDNT.EXE
+ 2009-07-14 04:54 . 2012-07-22 10:40 2048000 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-20 11:26 2048000 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-04 08:45 . 2012-07-21 20:26 5325852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4068807989-813300523-3891819274-1004-12288.dat
+ 2012-07-22 10:42 . 2012-07-22 10:42 2527232 c:\windows\ERDNT\AutoBackup\7-22-2012\Users\00000002\UsrClass.dat
+ 2012-07-22 10:42 . 2012-07-22 10:42 2654208 c:\windows\ERDNT\AutoBackup\7-22-2012\Users\00000001\ntuser.dat
- 2009-07-14 04:54 . 2012-07-20 11:26 11304960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-22 10:40 11304960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-07-20 10:26 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-07-22 10:56 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 19:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{46F9BE77-3DD9-0ECB-98F9-1793D13B9886}]
2012-06-27 23:25 1404320 ----a-w- c:\program files\Tencent\SSPlus\SAddr.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-02 18:52 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-02 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"QQIntl"="c:\program files (x86)\Tencent\QQIntl\Bin\QQ.exe" [2012-07-02 128416]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-03 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-13 895376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-02 1107552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Ming-Ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MSPANotify - Shortcut.lnk - c:\users\Ming-Ti\Downloads\MSPANotify-0.4.1\MSPANotify.exe [2012-7-16 410112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 iscFlash;iscFlash;c:\users\Steven\AppData\Local\Temp\7zSB6F0.tmp\iscflashx64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-13 121416]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 qkm;qkm;c:\koramgame\GDOnline\mqkwy64.sys [2012-02-04 48048]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-24 291328]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2011-12-09 47224]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [2012-07-06 89560]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-09 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-21 1255736]
R3 X6va005;X6va005;c:\users\Steven\AppData\Local\Temp\0057DA7.tmp [x]
R3 X6va006;X6va006;c:\users\Steven\AppData\Local\Temp\006F845.tmp [x]
R3 X6va008;X6va008;c:\users\Ming-Ti\AppData\Local\Temp\008F846.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-03 89600]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-09 6583160]
S2 TBUpdate;Tencent Toolbar Update Service;c:\program files\Tencent\barupdate\TBUpdate.exe [2012-07-03 197536]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-09 528760]
S2 UpdaterService;WhiteSmoke Updater Service;c:\programdata\UpdaterService\wsupdsvc.exe [2012-04-29 549744]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-02 935008]
S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [2012-03-09 109064]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-14 32880]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 140712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-22 84512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 16:09]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1004Core.job
- c:\users\Ming-Ti\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 19:51]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4068807989-813300523-3891819274-1004UA.job
- c:\users\Ming-Ti\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 19:51]
.
2012-07-20 c:\windows\Tasks\Norton Security Scan for Steven.job
- c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2011-12-23 09:45]
.
2012-07-22 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-07-03 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 19:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-24 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 16395880]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{CB0B424B-A1EC-4E14-9608-4D23B7C425F2}: NameServer = 4.2.2.1
TCP: Interfaces\{CB0B424B-A1EC-4E14-9608-4D23B7C425F2}\46C696E6B6: NameServer = 4.2.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://sslpx-ccas01.edmc.edu/auth/taweb.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
FF - ProfilePath - c:\users\Ming-Ti\AppData\Roaming\Mozilla\Firefox\Profiles\4fiohuq8.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={D1E1E66B-09C0-42E2-9FAC-CAB67704104F}&mid=4d27b50357d247d68b6f1a671b6c1e32-ec7a1d4c2e9b3a9a0ad0219ec7c4e08c4f2893c9&lang=en&ds=yu012&pr=sa&d=2012-07-02 11:52&v=11.1.0.12&sap=hp
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Steven\AppData\Local\Temp\0057DA7.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Steven\AppData\Local\Temp\006F845.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\Ming-Ti\AppData\Local\Temp\008F846.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4068807989-813300523-3891819274-1004\Software\SecuROM\License information*]
"datasecu"=hex:34,ba,59,bc,fe,c5,16,38,e7,50,e2,eb,4e,5b,05,28,4e,f3,5f,61,b2,
93,63,8b,db,e0,ba,e4,ae,f4,ee,df,af,12,79,23,db,7a,cc,12,db,41,bc,b4,c4,eb, \
"rkeysecu"=hex:3a,d6,8d,b9,70,08,bc,18,cb,d3,05,7d,1d,91,ec,a8
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:21,08,4a,87,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:ed,b8,9e,87,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:56,b0,46,84,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:22,6d,17,88,32,1f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\02\1f\15\05\19?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-22 04:25:45
ComboFix-quarantined-files.txt 2012-07-22 11:25
ComboFix2.txt 2012-07-20 13:52
ComboFix3.txt 2012-07-19 13:16
.
Pre-Run: 85,097,787,392 bytes free
Post-Run: 84,810,027,008 bytes free
.
- - End Of File - - 04E70C137A1E247A40F5956D52D5C351
------

SecurityCheck:
Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java(TM) 6 Update 31
Java(TM) 7 Update 5
Mozilla Firefox (8.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
------

Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ming-Ti :: STEVENPC [administrator]

Protection: Enabled

7/22/2012 4:31:33 AM
mbam-log-2012-07-22 (04-35-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249022
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Detected: 2
C:\ProgramData\UpdaterService\wsupdsvc.exe (PUP.BundleInstaller.IB) -> 896 -> No action taken.
C:\ProgramData\UpdaterService\wsupdsvc.exe (PUP.BundleInstaller.IB) -> 5208 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKLM\SYSTEM\CurrentControlSet\Services\UpdaterService (PUP.BundleInstaller.IB) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke Updater Service (PUP.BundleInstaller.IB) -> No action taken.
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> No action taken.
HKCR\Typelib\{B1A7C2CF-BF40-4597-8142-7615D74D0CC3} (Trojan.Agent) -> No action taken.
HKCR\Interface\{3084BC3D-C0D6-4A28-A8A4-5857165886EE} (Trojan.Agent) -> No action taken.
HKCR\CLSID\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> No action taken.
HKLM\SOFTWARE\VooMuu (Adware.HotBar.VM) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VooMuuSA (Adware.HotBar.VM) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{29CF293A-1E7D-4069-9E11-E39698D0AF95} (Trojan.Agent) -> Data: SOSO工具栏 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\ProgramData\UpdaterService\wsupdsvc.exe (PUP.BundleInstaller.IB) -> No action taken.
C:\Program Files\Tencent\QQToolbar\IEBar.dll (Trojan.Agent) -> No action taken.
C:\Users\Ming-Ti\Downloads\SoftonicDownloader_for_speaker.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\Ming-Ti\Downloads\SoftonicDownloader_for_sumotori-dreams.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\Ming-Ti\Downloads\WhiteSmokeWriter8940_en.exe (Trojan.Downloader) -> No action taken.

(end)
jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware. Join Date: May 2011
22-Jul-2012, 08:41 PM #12
Hi,

Why have you not removed the entries found by Malwarebytes?
Trumi, Member with 10 posts, THREAD STARTER. Join Date: Jul 2012. Experience: Intermediate
24-Jul-2012, 07:49 PM #13
Oh! Eheh, I have had bad experiences with not doing things to the word, so if it doesn't come up in the instructions I usually don't bother. But the entries have been removed. Is there anything else needed?
jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware. Join Date: May 2011
24-Jul-2012, 09:56 PM #14
Ok great!! How is the system running now?
Trumi, Member with 10 posts, THREAD STARTER. Join Date: Jul 2012. Experience: Intermediate
26-Jul-2012, 03:58 PM #15
My system's running wonderfully! Thanks again for your help!
Tags
doubleclick, service.exe