
MIX.dj search engine ?

Discussion in 'Virus & Other Malware Removal' started by neofan3, Mar 11, 2013.

  1. neofan3

    neofan3 Thread Starter

    Joined:
    Jan 8, 2007
    Messages:
    448
    This thing is VERY weird. It started when I installed a powertoy for wallpapers. This powertoy looks exactly the same as the MS powertoy, except it doesn't require validation. * And it started all kinds of trouble. This MIX.dj cannot be got rid of. It is always on Firefox when I start this browser. Since it is not even listed as one of the search engines in Firefox, I adopted a solution: I set the home page to Google search. Now I will not see it, although it is there.

    No anti-spyware or anti-malware tools work.

    * Now I downloaded the MS powertoy for wallpapers with validation. And this one is good.
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,568
    Please download DDS by sUBs to your desktop from the following location:

    http://download.bleepingcomputer.com/sUBs/dds.scr

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created on your Desktop".

    The logs will be named dds.txt and attach.txt.

    Wait until the logs appear and then copy and paste their contents in your post.


    Please download AdwCleaner from here to your desktop.

    Run AdwCleaner and select "Search" (do not select "Delete" at this time).

    Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.
     
  3. neofan3

    1. dds.txt :

     
  4. neofan3

    2. attach.txt:

     
  5. neofan3

    3. result from search by ADWCLEANER:


     
  6. Cookiegal

    Please run AdwCleaner again and this time select the "delete" option and post the resulting log.
     
  7. neofan3

    From adwcleaner:

     
  8. Cookiegal

    Please do not enclose the logs in quote tags but just copy and paste them in the reply.

    Please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  9. neofan3

    OTL.Txt:

    OTL logfile created on: 3/11/2013 10:15:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lyhong\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 82.99% Memory free
    5.09 Gb Paging File | 4.55 Gb Available in Paging File | 89.38% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 139.73 Gb Total Space | 107.91 Gb Free Space | 77.23% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 1799.53 Gb Free Space | 96.59% Space Free | Partition Type: NTFS
    Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: LYHONG-XP | User Name: lyhong | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/11 22:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lyhong\Desktop\OTL.exe
    PRC - [2013/02/20 22:44:22 | 002,238,704 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
    PRC - [2013/02/09 23:20:28 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/02/08 14:32:00 | 000,150,768 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
    PRC - [2012/11/01 15:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2012/10/13 11:15:01 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/12/12 11:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
    PRC - [2006/12/12 11:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
    PRC - [2006/12/12 11:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
    PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    PRC - [2002/12/18 14:12:26 | 000,110,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files\WallpaperToy\Wallpapertoy.Exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/09 23:20:28 | 001,564,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
    MOD - [2013/02/09 23:20:28 | 001,125,224 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvwimg.dll
    MOD - [2013/02/09 23:20:28 | 000,357,224 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
    MOD - [2006/06/11 23:33:08 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
    MOD - [2005/06/07 09:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL


    ========== Services (SafeList) ==========

    SRV - [2013/03/10 21:35:02 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/03/10 08:28:14 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/09 23:20:28 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/02/08 14:29:56 | 000,295,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
    SRV - [2012/10/13 11:15:01 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/01/03 04:18:04 | 000,040,200 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2013/01/03 04:18:00 | 000,044,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2013/01/03 04:18:00 | 000,012,808 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2012/12/19 01:41:55 | 000,128,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2012/10/14 17:03:07 | 000,092,800 | ---- | M] (Microsoft Corp.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SysTrace.sys -- (SysTrace)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/07/06 04:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2010/04/27 19:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2010/04/27 19:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2010/04/27 19:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2007/06/18 04:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
    DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2006/12/19 09:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2006/12/19 09:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2006/12/19 09:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2006/12/19 09:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2006/12/19 09:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2006/12/19 09:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2005/11/10 05:06:04 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.4.20130221100632
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/10 22:33:26 | 000,000,000 | ---D | M]

    [2013/03/10 21:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lyhong\Application Data\Mozilla\Extensions
    [2013/03/10 22:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lyhong\Application Data\Mozilla\Firefox\Profiles\rw342h46.default\extensions
    [2013/03/10 21:55:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\lyhong\Application Data\Mozilla\Firefox\Profiles\rw342h46.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2013/03/10 22:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - Extension: YouTube = C:\Documents and Settings\lyhong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Documents and Settings\lyhong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Gmail = C:\Documents and Settings\lyhong\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
    O4 - Startup: C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe (Microsoft Corp.)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1350115032062 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1350117906906 (MUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.4.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29A4F8CA-FD1B-4723-8C16-EFD7A0BE97D7}: DhcpNameServer = 192.168.1.1 184.16.4.22
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\lyhong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\lyhong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/10/12 15:49:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/04/18 11:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/11 22:11:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lyhong\Desktop\OTL.exe
    [2013/03/11 20:13:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\lyhong\Desktop\dds.scr
    [2013/03/11 14:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Application Data\Windows Desktop Search
    [2013/03/11 14:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
    [2013/03/11 14:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2013/03/11 14:01:16 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
    [2013/03/11 14:01:16 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
    [2013/03/11 14:01:15 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
    [2013/03/11 13:47:22 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\lyhong\Desktop\rkill.exe
    [2013/03/11 12:31:40 | 000,187,072 | ---- | C] (Microsoft, Corp.) -- C:\powertoys_wpchanger.exe
    [2013/03/11 12:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
    [2013/03/11 12:30:58 | 000,187,072 | ---- | C] (Microsoft, Corp.) -- C:\WINDOWS\walltoyUninst.exe
    [2013/03/11 12:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\WallpaperToy
    [2013/03/11 09:48:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lyhong\Recent
    [2013/03/11 06:50:46 | 018,456,096 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lyhong\Desktop\Windows-KB890830-V4.17.exe
    [2013/03/11 01:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2013/03/11 00:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Application Data\SUPERAntiSpyware.com
    [2013/03/11 00:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2013/03/11 00:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2013/03/11 00:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/03/10 22:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2013/03/10 22:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013/03/10 22:13:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2013/03/10 21:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/03/10 21:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2013/03/10 20:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2013/03/10 20:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\Deployment
    [2013/03/10 20:31:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\lyhong\IECompatCache
    [2013/03/10 20:26:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2013/03/10 20:17:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2013/03/10 19:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Application Data\Malwarebytes
    [2013/03/10 19:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/03/10 18:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\AWC
    [2013/03/10 18:48:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
    [2013/03/10 18:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
    [2013/03/10 18:48:07 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [2013/03/10 18:47:39 | 002,805,760 | ---- | C] (FreeImage) -- C:\WINDOWS\System32\FreeImage.dll
    [2013/03/10 18:47:39 | 000,167,936 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpftv6.ocx
    [2013/03/10 18:47:39 | 000,098,304 | ---- | C] (Jeremy Adams, CCRP) -- C:\WINDOWS\System32\ccrpUCW6.dll
    [2013/03/10 18:47:39 | 000,098,304 | ---- | C] (CCRP) -- C:\WINDOWS\System32\ccrpDtp6.ocx
    [2013/03/10 18:47:39 | 000,090,112 | ---- | C] (http://www.mvps.org/vb) -- C:\WINDOWS\System32\ccrpTmr6.dll
    [2013/03/10 18:47:39 | 000,086,016 | ---- | C] (CCRP / ECX Programming) -- C:\WINDOWS\System32\ccrpudn6.ocx
    [2013/03/10 18:47:39 | 000,077,824 | ---- | C] (ECX Programming / CCRP) -- C:\WINDOWS\System32\ccrphky6.ocx
    [2013/03/10 18:47:39 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
    [2013/03/10 18:47:39 | 000,040,960 | ---- | C] (The Lillypad) -- C:\WINDOWS\System32\DLLDesktop.dll
    [2013/03/10 18:47:39 | 000,036,864 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\AlphaImageCreator.dll
    [2013/03/10 18:47:38 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
    [2013/03/10 18:47:38 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
    [2013/03/10 18:44:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lyhong\My Documents\My Videos
    [2013/03/10 18:44:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lyhong\Start Menu\Programs\Administrative Tools
    [2013/03/10 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\Help
    [2013/03/10 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Application Data\Help
    [2013/03/10 10:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
    [2013/03/10 10:08:51 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220294.dll
    [2013/03/10 10:08:51 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3220162.dll
    [2013/03/10 09:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bing Desktop
    [2013/03/10 09:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2013/03/10 09:47:44 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2013/03/10 09:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2013/03/10 09:46:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2013/03/10 09:46:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2013/03/10 09:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2013/03/10 09:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2013/03/10 08:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\Logishrd
    [2013/03/10 08:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/11 22:12:55 | 000,001,198 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
    [2013/03/11 22:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lyhong\Desktop\OTL.exe
    [2013/03/11 21:48:31 | 008,294,454 | -H-- | M] () -- C:\WINDOWS\System32\toyhide.bmp
    [2013/03/11 21:44:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/11 21:44:46 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/03/11 21:44:43 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2013/03/11 21:38:58 | 000,503,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/11 21:38:58 | 000,087,406 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/11 21:34:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/11 21:33:58 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000007-00001102-00000005-00311102}.rfx
    [2013/03/11 21:33:58 | 000,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000007-00001102-00000005-00311102}.rfx
    [2013/03/11 21:33:58 | 000,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000007-00001102-00000005-00311102}.rfx
    [2013/03/11 21:33:58 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2013/03/11 21:33:58 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2013/03/11 21:27:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/11 20:16:12 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\lyhong\Desktop\AdwCleaner.exe
    [2013/03/11 20:13:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\lyhong\Desktop\dds.scr
    [2013/03/11 17:50:28 | 000,002,408 | ---- | M] () -- C:\WINDOWS\wincmd.ini
    [2013/03/11 14:01:44 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2013/03/11 14:01:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/03/11 13:47:24 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\lyhong\Desktop\rkill.exe
    [2013/03/11 12:30:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Wallpaper Changer.lnk
    [2013/03/11 12:29:50 | 000,187,072 | ---- | M] (Microsoft, Corp.) -- C:\WINDOWS\walltoyUninst.exe
    [2013/03/11 12:29:50 | 000,187,072 | ---- | M] (Microsoft, Corp.) -- C:\powertoys_wpchanger.exe
    [2013/03/11 06:51:39 | 018,456,096 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lyhong\Desktop\Windows-KB890830-V4.17.exe
    [2013/03/11 00:44:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/03/10 22:29:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\lyhong\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/03/10 22:29:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2013/03/10 22:26:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
    [2013/03/10 22:13:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2013/03/10 10:20:58 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
    [2013/03/10 10:09:13 | 001,079,188 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2013/03/10 10:09:13 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2013/03/10 10:09:12 | 001,079,188 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2013/03/10 09:47:39 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2013/03/10 09:47:39 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2013/03/10 09:46:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2013/03/10 09:12:46 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2013/03/10 08:42:29 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/03/10 08:37:44 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2013/03/10 08:28:14 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/03/10 08:28:14 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/03/10 08:22:57 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2013/03/10 08:22:44 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
    [2013/03/06 06:38:36 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
    [2013/03/06 06:38:36 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
    [2013/02/09 23:20:28 | 019,685,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2013/02/09 23:20:28 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2013/02/09 23:20:28 | 010,707,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
    [2013/02/09 23:20:28 | 007,749,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2013/02/09 23:20:28 | 006,070,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2013/02/09 23:20:28 | 004,078,976 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
    [2013/02/09 23:20:28 | 002,731,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2013/02/09 23:20:28 | 002,481,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2013/02/09 23:20:28 | 002,287,232 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
    [2013/02/09 23:20:28 | 001,990,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2013/02/09 23:20:28 | 001,012,512 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220294.dll
    [2013/02/09 23:20:28 | 000,892,704 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3220162.dll
    [2013/02/09 23:20:28 | 000,016,514 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/11 20:16:08 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\lyhong\Desktop\AdwCleaner.exe
    [2013/03/11 14:01:44 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
    [2013/03/11 14:01:44 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2013/03/11 14:01:32 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2013/03/11 12:30:59 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Wallpaper Changer.lnk
    [2013/03/11 00:44:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/03/10 22:26:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
    [2013/03/10 21:20:58 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\lyhong\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/03/10 21:20:58 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2013/03/10 21:20:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/03/10 18:47:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\ndspoem.rst
    [2013/03/10 10:16:08 | 008,294,454 | -H-- | C] () -- C:\WINDOWS\System32\toyhide.bmp
    [2013/03/10 10:11:59 | 000,001,198 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
    [2013/03/10 09:46:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2013/03/10 09:44:05 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
    [2013/03/10 08:52:40 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/03/10 08:52:33 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2013/03/10 08:22:57 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\lyhong\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2012/11/17 19:15:31 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
    [2012/11/09 09:46:17 | 000,000,349 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
    [2012/11/08 17:08:33 | 000,000,784 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2012/10/14 15:33:11 | 024,910,711 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\d2e31342-7d2c-4bd4-b61f-4a01d2bcee41_dir_temp.bin
    [2012/10/13 19:02:58 | 000,003,260 | ---- | C] () -- C:\Documents and Settings\lyhong\Application Data\glide_wrapper.zbag.ini
    [2012/10/13 19:00:27 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2012/10/13 06:08:03 | 000,002,408 | ---- | C] () -- C:\WINDOWS\wincmd.ini
    [2012/10/13 05:49:59 | 001,079,188 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/10/13 05:49:59 | 001,079,188 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/10/13 05:49:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/10/13 05:49:49 | 002,287,232 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2012/10/13 05:26:37 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2012/10/13 05:26:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2012/10/13 05:26:37 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2012/10/13 04:12:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/10/13 02:03:06 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2012/10/12 15:50:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/10/12 15:47:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2012/10/12 11:38:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2012/10/12 11:37:52 | 000,096,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== ZeroAccess Check ==========

    [2012/10/13 02:28:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 16:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE

    < End of report >
     
  10. neofan3

    neofan3 Thread Starter

    Joined:
    Jan 8, 2007
    Messages:
    448
    Extra.txt:

    OTL Extras logfile created on: 3/11/2013 10:15:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\lyhong\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 82.99% Memory free
    5.09 Gb Paging File | 4.55 Gb Available in Paging File | 89.38% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 139.73 Gb Total Space | 107.91 Gb Free Space | 77.23% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 1799.53 Gb Free Space | 96.59% Space Free | Partition Type: NTFS
    Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: LYHONG-XP | User Name: lyhong | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .txt [@ = txtfile] -- C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe (Just Great Software)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- "C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe" "%1" (Just Great Software)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CFC6D41-EC71-449D-9E12-2F4EAB3D4B83}" = TQVault
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}" = TQ Defiler.NET
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "CCleaner" = CCleaner
    "CleanUp!" = CleanUp!
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Deus Ex" = Deus Ex
    "EditPad Lite" = EditPad Lite 7.1.2
    "Freedom Fighters" = Freedom Fighters
    "GlidewrapZbag" = zeckensack's Glide wrapper (remove only)
    "ie8" = Windows Internet Explorer 8
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mount&Blade" = Mount&Blade
    "Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Mplayer.com" = Mplayer.com
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "No One Lives Forever" = No One Lives Forever
    "sp6" = Logitech SetPoint 6.52
    "SysInfo" = Creative System Information
    "Tomb Raider: Legend" = Tomb Raider: Legend 1.1
    "Totalcmd" = Total Commander (Remove or Repair)
    "WallpaperToy" = Wallpaper Changer for Windows XP
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.65
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/5/2012 2:20:34 PM | Computer Name = LYHONG-XP | Source = Application Error | ID = 1000
    Description = Faulting application setpoint.exe, version 6.50.152.0, faulting module
    macrocore.dll, version 0.0.0.0, fault address 0x00003c78.

    Error - 12/15/2012 6:45:43 PM | Computer Name = LYHONG-XP | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 tqvault.exe, P2 2.3.1.4, P3 4f54130e, P4 system,
    P5 2.0.0.0, P6 504057aa, P7 22ef, P8 c6, P9 system.net.webexception, P10 NIL.

    Error - 12/15/2012 6:46:21 PM | Computer Name = LYHONG-XP | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 tqvault.exe, P2 2.3.1.4, P3 4f54130e, P4 system,
    P5 2.0.0.0, P6 504057aa, P7 22ef, P8 c6, P9 system.net.webexception, P10 NIL.

    Error - 12/15/2012 6:46:29 PM | Computer Name = LYHONG-XP | Source = Application Error | ID = 1000
    Description = Faulting application setpoint.exe, version 6.50.152.0, faulting module
    macrocore.dll, version 0.0.0.0, fault address 0x00003c75.

    Error - 3/10/2013 6:49:46 PM | Computer Name = LYHONG-XP | Source = CltMngSvc | ID = 1000
    Description =

    Error - 3/10/2013 8:22:49 PM | Computer Name = LYHONG-XP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/10/2013 8:22:49 PM | Computer Name = LYHONG-XP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/10/2013 8:22:49 PM | Computer Name = LYHONG-XP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/10/2013 8:22:49 PM | Computer Name = LYHONG-XP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 3/10/2013 10:33:25 PM | Computer Name = LYHONG-XP | Source = CltMngSvc | ID = 1000
    Description =

    [ System Events ]
    Error - 3/11/2013 1:47:44 PM | Computer Name = LYHONG-XP | Source = Service Control Manager | ID = 7034
    Description = The Creative Service for CDROM Access service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,568
    Did you install Automatic Wallpaper Changer and Strongvault online backup intentionally?
     
  12. neofan3

    neofan3 Thread Starter

    Joined:
    Jan 8, 2007
    Messages:
    448
    What do you mean "intentionally"? I want to install Automatic Wallpaper Changer but not the Strongvault (what is it?). The first time it was from CNET and came with extra software and the MIX.dj and a lot of trouble. So I got rid of them, except the MIX.dj, which can't be gotten rid of. Then I installed the MS wallpaper changer, which is the same thing except for the extras. I don't know how CNET can offer it without validation, and the downloads are over 400,000. The MS one requires validation and works well so far.

    Is there any action I should take after I run the OTL?
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,568
    Intentionally means knowingly. Some software gets installed without your knowledge, like the Strongvault.

    Automatic Wallpaper Changer is not the MS one. That is by someone named Steve Murphy, I believe. Is that what you downloaded from Cnet? I don't believe they offer the MS one.

    I will post further instructions for OTL but wanted these questions answered first before proceeding.
     
  14. neofan3

    neofan3 Thread Starter

    Joined:
    Jan 8, 2007
    Messages:
    448
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,568
    I don't think it's the same or maybe a stripped down version. I don't know if they are authorized to offer it. In any event, that wasn't the one I was asking you about, it was "Automatic Wallpaper Changer" by Steve Murphy because there is evidence that this was also downloaded at the same time as some bad items. I'll go ahead and remove those now.

    Please run OTL again. Under the Custom Scans/Fixes box at the bottom paste in the following:

    Code:
    :OTL
    [2013/03/10 18:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\AWC
    [2013/03/10 18:48:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
    [2013/03/10 18:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
    [2013/03/10 18:48:07 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
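The reasoning behind that fix list is temporal clustering: a bundled installer drops its components within seconds of each other, so folders created alongside a known-unwanted item (here, Strongvault Online Backup) are suspect even when their names look harmless. As an added example, not code from the thread or from OldTimer's OTL, this Python parses OTL file/folder entries, flags creations within a window of the anchor item, and renders the flagged lines in the :OTL form pasted above. The regex, the helper names and the 60-second window are my assumptions; the sample log lines are quoted from the thread's log.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One OTL file/folder entry (assumed format, derived from the log lines above), e.g.
#   [2013/03/10 18:48:12 | 000,000,000 | ---D | C] -- C:\...\Strongvault Online Backup
#   [2013/03/11 20:16:08 | 000,597,667 | ---- | C] () -- C:\...\AdwCleaner.exe
# The "(company)" field is present for files and absent for folders.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class Entry:
    ts: datetime      # creation (C) or modification (M) timestamp
    size: int
    attrs: str        # R/H/S/D flags as OTL prints them
    kind: str         # "C" from a Created listing, "M" from a Modified listing
    company: str      # empty when OTL found no company name
    path: str
    raw: str          # the original line, reusable verbatim in an :OTL fix


def parse_entries(log_text: str) -> list[Entry]:
    """Parse every OTL file/folder line; headers and summary lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"] or "",
            path=m["path"],
            raw=line.strip(),
        ))
    return entries


def cocreated_with(entries: list[Entry], anchor_substring: str,
                   window_seconds: int = 60) -> list[Entry]:
    """Return creation entries whose timestamp lies within window_seconds of
    any creation entry whose path contains anchor_substring (case-insensitive).
    Input order is preserved; an unknown anchor yields an empty list."""
    anchors = [e.ts for e in entries
               if e.kind == "C" and anchor_substring.lower() in e.path.lower()]
    if not anchors:
        return []
    window = timedelta(seconds=window_seconds)
    return [e for e in entries
            if e.kind == "C" and any(abs(e.ts - a) <= window for a in anchors)]


def otl_fix_block(entries: list[Entry]) -> str:
    """Render entries as the :OTL section of a Custom Scans/Fixes script,
    i.e. the log lines pasted back verbatim under an :OTL header."""
    return "\n".join([":OTL", *(e.raw for e in entries)])


# Constructed sample: the Strongvault cluster quoted from the thread's log plus
# two unrelated entries created hours apart and one OTL summary line.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2013/03/11 20:16:08 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\lyhong\Desktop\AdwCleaner.exe
[2013/03/10 18:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lyhong\Local Settings\Application Data\AWC
[2013/03/10 18:48:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/03/10 18:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
[2013/03/10 18:48:07 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/03/10 09:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""

if __name__ == "__main__":
    flagged = cocreated_with(parse_entries(SAMPLE_LOG), "Strongvault")
    print(otl_fix_block(flagged))
```

Against the sample, the AWC folder and both AI_RecycleBin folders are flagged together with Strongvault, while AdwCleaner.exe and the CCleaner folder fall outside the window.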
     
Short URL to this thread: https://techguy.org/1092629