Virus, Trojan, Adware, Backdoor, Hijack, etc [Solved]


YellowRubberDuck
Hi,

Before running OTL, I ran:
1) MBAM, and removed 100+ malicious items, including Adware, Backdoor, Hijack, PUM, PUP and Trojan.
2) AVG, and removed Virus Qhost & Trojan.
Let me know if you want me to post these logs.

Status: Laptop is extremely slow and lags when opening & running applications. Even starting up Windows is slow.
Thanks in advance for your help.


OTL.txt


OTL logfile created on: 8/22/2012 4:06:42 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Haw\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 300.41 Mb Available Physical Memory | 29.62% Memory free
1.63 Gb Paging File | 1.11 Gb Available in Paging File | 67.74% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.01 Gb Total Space | 8.80 Gb Free Space | 29.34% Space Free | Partition Type: NTFS
Drive D: | 44.52 Gb Total Space | 37.59 Gb Free Space | 84.43% Space Free | Partition Type: NTFS

Computer Name: HAN | User Name: Haw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/22 15:54:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Haw\desktop\OTL.exe
PRC - [2012/07/10 16:01:04 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/10 16:01:01 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Haw\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/24 15:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/06/28 22:37:24 | 002,322,501 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/05/12 13:33:22 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/12 13:32:14 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2005/03/08 12:42:09 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/04 09:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 16:01:06 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/10 16:01:04 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
MOD - [2012/07/10 16:01:01 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/05/11 00:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2006/05/12 13:34:36 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2004/08/18 14:27:40 | 000,311,340 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Pro\ipspgp.dll
MOD - [2004/08/18 14:25:50 | 000,069,678 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Pro\wsfirscr.dll
MOD - [2004/08/18 14:25:36 | 000,147,502 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Pro\wsftplib.dll
MOD - [2004/08/18 14:24:38 | 000,049,197 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Pro\wshosts.dll
MOD - [2004/05/25 08:50:36 | 000,839,680 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Pro\libeay32.dll
MOD - [2004/05/25 08:50:36 | 000,159,744 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Pro\ssleay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\xriwiso.dll -- (fltorks)
SRV - [2012/07/11 10:00:30 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/07/10 16:01:04 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 21:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/21 03:46:00 | 003,641,832 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/10/05 22:11:34 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/06/26 09:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- F:\WIZET\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (Fsfp_atbuwan)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/10/17 16:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 16:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2006/06/28 09:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/06/24 02:07:02 | 000,581,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 13:21:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 13:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 13:17:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 13:16:44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 13:13:46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/08/23 07:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/23 07:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/23 07:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 09:07:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...OuqJsZ4WzHe84xQ
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-13 17:59:24&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2077543
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems: {90b49673-5506-483e-b92b-ca0265bd9ca8}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.18.1
FF - prefs.js..keyword.URL: "http://search.avg.co...e&lng=en-US&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Haw\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 10:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/10 16:01:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/25 13:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/25 13:52:22 | 000,000,000 | ---D | M]

[2010/12/06 23:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haw\Application Data\Mozilla\Extensions
[2011/12/31 14:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haw\Application Data\Mozilla\Firefox\Profiles\m30ydxiz.default\extensions
[2011/05/29 09:37:58 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\Haw\Application Data\Mozilla\Firefox\Profiles\m30ydxiz.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2011/10/13 09:51:11 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Haw\Application Data\Mozilla\Firefox\Profiles\m30ydxiz.default\extensions\[email protected]
[2010/12/06 23:38:30 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Haw\Application Data\Mozilla\Firefox\Profiles\m30ydxiz.default\searchplugins\mywebsearch.xml
[2010/12/06 23:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/20 10:47:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/13 18:00:01 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\9.0.0.18
[2012/02/03 10:10:14 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2009/07/30 19:28:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/10 16:01:00 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Haw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Haw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV2.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\prxtbIMV2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Haw\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Haw\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{165C1DF5-05B7-48AA-B378-4261FCFC482E}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Haw/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Haw\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Haw\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 04:24:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/30 18:19:42 | 000,000,093 | RH-- | M] () - D:\AutoRun.inf -- [ NTFS ]
O33 - MountPoints2\{0cdf85b9-065f-11e0-aae2-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{0cdf85b9-065f-11e0-aae2-001641830ef2}\Shell\Auto\command - "" = F:\Automatic.sos
O33 - MountPoints2\{0cdf85b9-065f-11e0-aae2-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0cdf85b9-065f-11e0-aae2-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O33 - MountPoints2\{13ac8f1a-7393-11de-a723-0016d390759e}\Shell - "" = AutoRun
O33 - MountPoints2\{13ac8f1a-7393-11de-a723-0016d390759e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{13ac8f1a-7393-11de-a723-0016d390759e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{20558d00-494a-11e0-ab81-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{20558d00-494a-11e0-ab81-001641830ef2}\Shell\Auto\command - "" = F:\Automatic.sos
O33 - MountPoints2\{20558d00-494a-11e0-ab81-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20558d00-494a-11e0-ab81-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O33 - MountPoints2\{27f374b8-a25e-11dd-9a61-0016d390759e}\Shell\AUtoPLay\comManD - "" = F:\hostkm.pif
O33 - MountPoints2\{27f374b8-a25e-11dd-9a61-0016d390759e}\Shell\AutoRun\command - "" = F:\hostkm.pif
O33 - MountPoints2\{27f374b8-a25e-11dd-9a61-0016d390759e}\Shell\eXploRe\command - "" = F:\hostkm.pif
O33 - MountPoints2\{27f374b8-a25e-11dd-9a61-0016d390759e}\Shell\oPen\coMmANd - "" = F:\hostkm.pif
O33 - MountPoints2\{33fdcd9c-fc2b-11df-aac4-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{33fdcd9c-fc2b-11df-aac4-001641830ef2}\Shell\Auto\command - "" = F:\
O33 - MountPoints2\{33fdcd9c-fc2b-11df-aac4-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33fdcd9c-fc2b-11df-aac4-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O33 - MountPoints2\{36e2a99a-8d58-11de-a800-0016d390759e}\Shell - "" = AutoRun
O33 - MountPoints2\{36e2a99a-8d58-11de-a800-0016d390759e}\Shell\1\Command - "" = Recycle.exe
O33 - MountPoints2\{36e2a99a-8d58-11de-a800-0016d390759e}\Shell\2\Command - "" = Recycle.exe
O33 - MountPoints2\{36e2a99a-8d58-11de-a800-0016d390759e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36e2a99a-8d58-11de-a800-0016d390759e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe
O33 - MountPoints2\{3dccbca6-ae59-11de-a879-0016d390759e}\Shell - "" = AutoRun
O33 - MountPoints2\{3dccbca6-ae59-11de-a879-0016d390759e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dccbca6-ae59-11de-a879-0016d390759e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3dccbcaa-ae59-11de-a879-0016d390759e}\Shell - "" = AutoRun
O33 - MountPoints2\{3dccbcaa-ae59-11de-a879-0016d390759e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dccbcaa-ae59-11de-a879-0016d390759e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{47d90050-fdb3-11df-aac8-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{47d90050-fdb3-11df-aac8-001641830ef2}\Shell\Auto\command - "" = F:\Automatic.sos
O33 - MountPoints2\{47d90050-fdb3-11df-aac8-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{47d90050-fdb3-11df-aac8-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O33 - MountPoints2\{74d17555-5119-11e0-ab90-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{74d17555-5119-11e0-ab90-001641830ef2}\Shell\Auto\command - "" = G:\Automatic.sos
O33 - MountPoints2\{74d17555-5119-11e0-ab90-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{74d17555-5119-11e0-ab90-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O33 - MountPoints2\{857e65c8-ef98-11df-aa90-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{857e65c8-ef98-11df-aa90-001641830ef2}\Shell\Auto\command - "" = F:\Automatic.sos
O33 - MountPoints2\{857e65c8-ef98-11df-aa90-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{857e65c8-ef98-11df-aa90-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O33 - MountPoints2\{9ebe5ae0-0468-11e0-aada-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{9ebe5ae0-0468-11e0-aada-001641830ef2}\Shell\Auto\command - "" = Automatic.sos
O33 - MountPoints2\{9ebe5ae0-0468-11e0-aada-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ebe5ae0-0468-11e0-aada-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O33 - MountPoints2\{a20c26da-f302-11df-aa9a-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{a20c26da-f302-11df-aa9a-001641830ef2}\Shell\Auto\command - "" = F:\
O33 - MountPoints2\{a20c26da-f302-11df-aa9a-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a20c26da-f302-11df-aa9a-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O33 - MountPoints2\{b3b5b77f-1893-11e0-ab1a-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{b3b5b77f-1893-11e0-ab1a-001641830ef2}\Shell\Auto\command - "" = F:\Automatic.sos
O33 - MountPoints2\{b3b5b77f-1893-11e0-ab1a-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3b5b77f-1893-11e0-ab1a-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O33 - MountPoints2\{b6144d45-5c14-11e0-aba3-001641830ef2}\Shell\AutoRun\command - "" = forever.exe
O33 - MountPoints2\{b6144d45-5c14-11e0-aba3-001641830ef2}\Shell\open\command - "" = forever.exe
O33 - MountPoints2\{d02f9ecb-ee2d-11df-aa89-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{d02f9ecb-ee2d-11df-aa89-001641830ef2}\Shell\Auto\command - "" = G:\Automatic.sos
O33 - MountPoints2\{d02f9ecb-ee2d-11df-aa89-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d02f9ecb-ee2d-11df-aa89-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O33 - MountPoints2\{d506ecd8-c45e-11df-aa52-0016d390759e}\Shell - "" = AutoRun
O33 - MountPoints2\{d506ecd8-c45e-11df-aa52-0016d390759e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d506ecd8-c45e-11df-aa52-0016d390759e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d9432566-5c39-11e0-aba4-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{d9432566-5c39-11e0-aba4-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d9432566-5c39-11e0-aba4-001641830ef2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e335c870-05e4-11e0-aae1-001641830ef2}\Shell - "" = AutoRun
O33 - MountPoints2\{e335c870-05e4-11e0-aae1-001641830ef2}\Shell\Auto\command - "" = G:\Automatic.sos
O33 - MountPoints2\{e335c870-05e4-11e0-aae1-001641830ef2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e335c870-05e4-11e0-aae1-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/22 15:54:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Haw\Desktop\OTL.exe
[2012/08/22 14:51:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/22 14:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/17 16:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\Company Profile
[2012/08/08 11:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\PlayGirls band
[2012/08/08 11:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\Euforia band
[2012/08/07 13:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\Minus One singers
[2012/07/25 21:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/07/25 21:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/25 21:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/25 21:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/07/25 19:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/07/25 12:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\TAO Agus 2012
[2012/07/24 11:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\Company Memo
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/22 16:04:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/22 16:04:05 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/22 15:54:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Haw\Desktop\OTL.exe
[2012/08/22 15:12:44 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/08/22 15:12:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/22 14:51:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/22 10:39:05 | 104,595,036 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/08/21 11:56:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/15 10:28:04 | 000,579,877 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\2 004.jpg
[2012/08/15 10:26:47 | 000,542,488 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\2 003.jpg
[2012/08/14 18:27:52 | 000,173,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/08/13 12:04:56 | 000,003,140 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/08/08 11:01:42 | 000,964,165 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\yea meat update.jpg
[2012/08/06 10:07:29 | 000,219,856 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\yeameat.jpg
[2012/08/03 09:48:56 | 000,537,487 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\1.jpg
[2012/07/31 11:54:22 | 000,179,746 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\Graphic1.jpg
[2012/07/31 11:48:27 | 000,612,851 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\taolounge band2.png
[2012/07/31 11:48:27 | 000,466,023 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\taolounge band.png
[2012/07/31 11:38:56 | 000,113,902 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\augtao.jpg
[2012/07/31 11:38:32 | 000,092,620 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\augyea.jpg
[2012/07/25 21:52:15 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/07/25 21:19:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/24 14:30:32 | 000,627,125 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\YEA agus tent card2ftx5ft.zip
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/22 14:51:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/15 02:27:07 | 000,579,877 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\2 004.jpg
[2012/08/15 02:25:28 | 000,542,488 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\2 003.jpg
[2012/08/08 11:02:32 | 000,964,165 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\yea meat update.jpg
[2012/08/06 10:07:23 | 000,219,856 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\yeameat.jpg
[2012/08/03 01:47:14 | 000,537,487 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\1.jpg
[2012/07/31 11:54:22 | 000,179,746 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\Graphic1.jpg
[2012/07/31 11:48:41 | 000,612,851 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\taolounge band2.png
[2012/07/31 11:48:40 | 000,466,023 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\taolounge band.png
[2012/07/31 11:38:56 | 000,113,902 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\augtao.jpg
[2012/07/31 11:38:32 | 000,092,620 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\augyea.jpg
[2012/07/25 21:52:15 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/07/24 14:31:24 | 000,627,125 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\YEA agus tent card2ftx5ft.zip
[2011/10/16 20:14:20 | 000,119,942 | ---- | C] () -- C:\Program Files\picclr.bmp
[2011/06/12 20:36:34 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2011/02/19 13:41:16 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\Haw\config.ini
[2010/12/21 21:45:42 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
[2010/12/14 12:42:27 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010/12/06 23:38:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/27 10:39:41 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\Haw\default.pls
[2010/11/16 10:33:37 | 000,140,006 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/11/16 10:33:37 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/11/04 16:13:40 | 000,003,140 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/11/04 16:13:40 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\89752C1E59.sys
[2010/02/12 17:12:43 | 000,003,532 | ---- | C] () -- C:\Documents and Settings\Haw\vodservercfg.blf.bak
[2008/08/31 22:15:07 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/06/20 14:07:16 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Haw\SCORES.DAT
[2008/06/17 20:02:55 | 000,002,625 | ---- | C] () -- C:\Documents and Settings\Haw\maxipriest.tst
[2008/04/23 06:02:09 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Haw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 05:35:48 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== LOP Check ==========

[2011/03/31 13:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2012/07/10 16:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/09/04 18:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/12 09:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/30 13:01:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/09/05 20:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2008/08/03 11:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009/08/23 18:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2011/05/17 17:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/04/27 16:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/24 15:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/07/18 20:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/04/07 11:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/08/30 18:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/08/28 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2010/11/09 11:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/24 08:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2010/11/27 23:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/31 13:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\ACD Systems
[2011/03/30 13:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\AVG10
[2010/11/22 19:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\BattlePunks
[2008/08/31 22:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Chicken Chase
[2011/03/27 08:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Command & Conquer 3 Kane's Wrath
[2011/10/22 14:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Garena
[2011/10/22 23:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\GarenaPlus
[2011/07/03 10:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\GetRightToGo
[2010/11/03 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\GlarySoft
[2009/04/17 19:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\GOL_byHasbro
[2011/06/24 15:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Image Zone Express
[2010/01/31 02:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\PlayFirst
[2010/11/03 08:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\PPStream
[2012/08/17 14:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\PriceGong
[2010/11/03 08:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\QQ
[2008/05/01 22:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\QQMusicUpdate
[2010/11/03 08:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\QQUpdate
[2012/08/22 10:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Software Informer
[2010/09/06 14:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\TeamViewer
[2009/05/12 21:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Tencent
[2010/12/19 21:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Unity
[2009/10/23 15:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\UNOUndercover
[2009/08/24 21:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\YoudaGames
[2012/08/22 15:12:44 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/09/04 18:52:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58D2A680
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:435657D8
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70372429
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B83BF1A6
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD1485FF
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74B502CB
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:705CCD22
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC2932DB
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0651F96C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:132EDADA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8893D792
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E79006EF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE125DFD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B49C20
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FC5F43A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F84BF39
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C9FE0C

< End of report >


Extra.txt


OTL Extras logfile created on: 8/22/2012 4:06:42 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Haw\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 300.41 Mb Available Physical Memory | 29.62% Memory free
1.63 Gb Paging File | 1.11 Gb Available in Paging File | 67.74% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.01 Gb Total Space | 8.80 Gb Free Space | 29.34% Space Free | Partition Type: NTFS
Drive D: | 44.52 Gb Total Space | 37.59 Gb Free Space | 84.43% Space Free | Partition Type: NTFS

Computer Name: HAN | User Name: Haw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [QQMusic.1.Play] -- "C:\Program Files\Tencent\QQMusic\QQMusic.exe" /play "%1"
Directory [QQMusic.2.Add] -- "C:\Program Files\Tencent\QQMusic\QQMusic.exe" /add "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Tencent\QQDownload\QQDownload.exe" = C:\Program Files\Tencent\QQDownload\QQDownload.exe:*:Enabled:超级旋风
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Tencent\QQ\QQ.exe" = C:\Program Files\Tencent\QQ\QQ.exe:*:Enabled:QQ
"C:\Program Files\Tencent\QQMusic\QQMusic.exe" = C:\Program Files\Tencent\QQMusic\QQMusic.exe:*:Disabled:QQ音乐2008
"C:\Program Files\Tencent\QQ\Qzone\Qzone.exe" = C:\Program Files\Tencent\QQ\Qzone\Qzone.exe:*:Enabled:QzoneClient1.3Beta02 V01.3.102.015
"C:\Program Files\Tencent\QQGame\QQGameDl.exe" = C:\Program Files\Tencent\QQGame\QQGameDl.exe:*:Enabled:QQGameDl
"C:\Documents and Settings\All Users\Start Menu\Programs\Games\Chor Tai Tee.exe" = C:\Documents and Settings\All Users\Start Menu\Programs\Games\Chor Tai Tee.exe:*:Disabled:Chor Tai Tee
"C:\Documents and Settings\Haw\Desktop\WIZET\MapleStory\hshield\HSUpdate.exe" = C:\Documents and Settings\Haw\Desktop\WIZET\MapleStory\hshield\HSUpdate.exe:*:Enabled:HSUpdate
"C:\Documents and Settings\Haw\Desktop\WIZET\MapleStory\Patcher.exe" = C:\Documents and Settings\Haw\Desktop\WIZET\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????
"C:\Program Files\KuGou\KuGou2010\KuGoo.exe" = C:\Program Files\KuGou\KuGou2010\KuGoo.exe:*:Disabled:酷狗音乐2010
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Documents and Settings\Haw\desktop\blackshot\BlackShot\system\BlackShot.exe" = C:\Documents and Settings\Haw\desktop\blackshot\BlackShot\system\BlackShot.exe:*:Enabled:BlackShot
"C:\Documents and Settings\Haw\desktop\Z\Online Games\blackshot\BlackShot\system\BlackShot.exe" = C:\Documents and Settings\Haw\desktop\Z\Online Games\blackshot\BlackShot\system\BlackShot.exe:*:Enabled:BlackShot
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Haw\Desktop\update.exe" = C:\Documents and Settings\Haw\Desktop\update.exe:*:Enabled:ldrsoft


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 20
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F87DA817-8D53-42CC-AA45-93A100341033}" = Nero 7 Essentials
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AhnLab Online Security" = AhnLab Online Security
"Akamai" = Akamai NetSession Interface Service
"Applian FLV Player2.0.25" = Applian FLV Player
"Aros Magic Checkers" = Aros Magic Checkers
"AVG" = AVG 2011
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BrainsBreaker" = BrainsBreaker
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_wis30B2m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Freecorder5.02" = Freecorder 5
"Glary Utilities_is1" = Glary Utilities 2.29.0.1032
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"Jack Sokoman" = Jack Sokoman
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"Shroomz" = Shroomz
"Software Informer_is1" = Software Informer 1.0 BETA
"ST6UNST #1" = Pokemon Card Keeper
"TaMiGoN" = TaMiGoN
"Tank-o-box" = Tank-o-box
"TeamViewer 5" = TeamViewer 5
"ToggleEN Toolbar" = ToggleEN Toolbar
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wonderland Secret Worlds" = Wonderland Secret Worlds
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xeno Assault II" = Xeno Assault II
"Yahoo! Messenger" = Yahoo! Messenger
"仓鼠球" = 仓鼠球 卸载程序

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2012 10:05:49 PM | Computer Name = HAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 338219

Error - 8/13/2012 3:17:35 AM | Computer Name = HAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/13/2012 3:17:35 AM | Computer Name = HAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 8/13/2012 3:17:35 AM | Computer Name = HAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 8/13/2012 3:17:37 AM | Computer Name = HAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/13/2012 3:17:37 AM | Computer Name = HAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3953

Error - 8/13/2012 3:17:37 AM | Computer Name = HAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3953

Error - 8/13/2012 3:17:39 AM | Computer Name = HAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/13/2012 3:17:39 AM | Computer Name = HAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6047

Error - 8/13/2012 3:17:39 AM | Computer Name = HAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6047

[ System Events ]
Error - 8/22/2012 2:03:53 AM | Computer Name = HAN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.8 for the Network Card with network address
001302B4AB0D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent
a DHCPNACK message).

Error - 8/22/2012 2:04:45 AM | Computer Name = HAN | Source = Service Control Manager | ID = 7023
Description = The Manager Task service terminated with the following error: %%126

Error - 8/22/2012 2:04:45 AM | Computer Name = HAN | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 8/22/2012 2:09:32 AM | Computer Name = HAN | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 8/22/2012 3:12:55 AM | Computer Name = HAN | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.

Error - 8/22/2012 3:12:55 AM | Computer Name = HAN | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.

Error - 8/22/2012 3:13:28 AM | Computer Name = HAN | Source = Service Control Manager | ID = 7023
Description = The Manager Task service terminated with the following error: %%126

Error - 8/22/2012 3:13:28 AM | Computer Name = HAN | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 8/22/2012 3:13:30 AM | Computer Name = HAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 8/22/2012 3:18:22 AM | Computer Name = HAN | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\xriwiso.dll -- (fltorks)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
    FF - prefs.js..extensions.enabledItems: [email protected]:1.1
    FF - prefs.js..extensions.enabledItems: {90b49673-5506-483e-b92b-ca0265bd9ca8}:3.3.3.2
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
    [2011/10/13 09:51:11 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Haw\Application Data\Mozilla\Firefox\Profiles\m30ydxiz.default\extensions\[email protected]
    [2010/12/06 23:38:30 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Haw\Application Data\Mozilla\Firefox\Profiles\m30ydxiz.default\searchplugins\mywebsearch.xml
    O33 - MountPoints2\{0cdf85b9-065f-11e0-aae2-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{0cdf85b9-065f-11e0-aae2-001641830ef2}\Shell\Auto\command - "" = F:\Automatic.sos
    O33 - MountPoints2\{0cdf85b9-065f-11e0-aae2-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0cdf85b9-065f-11e0-aae2-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    O33 - MountPoints2\{13ac8f1a-7393-11de-a723-0016d390759e}\Shell - "" = AutoRun
    O33 - MountPoints2\{13ac8f1a-7393-11de-a723-0016d390759e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{13ac8f1a-7393-11de-a723-0016d390759e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{20558d00-494a-11e0-ab81-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{20558d00-494a-11e0-ab81-001641830ef2}\Shell\Auto\command - "" = F:\Automatic.sos
    O33 - MountPoints2\{20558d00-494a-11e0-ab81-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{20558d00-494a-11e0-ab81-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    O33 - MountPoints2\{27f374b8-a25e-11dd-9a61-0016d390759e}\Shell\AUtoPLay\comManD - "" = F:\hostkm.pif
    O33 - MountPoints2\{27f374b8-a25e-11dd-9a61-0016d390759e}\Shell\AutoRun\command - "" = F:\hostkm.pif
    O33 - MountPoints2\{27f374b8-a25e-11dd-9a61-0016d390759e}\Shell\eXploRe\command - "" = F:\hostkm.pif
    O33 - MountPoints2\{27f374b8-a25e-11dd-9a61-0016d390759e}\Shell\oPen\coMmANd - "" = F:\hostkm.pif
    O33 - MountPoints2\{33fdcd9c-fc2b-11df-aac4-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{33fdcd9c-fc2b-11df-aac4-001641830ef2}\Shell\Auto\command - "" = F:\
    O33 - MountPoints2\{33fdcd9c-fc2b-11df-aac4-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{33fdcd9c-fc2b-11df-aac4-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    O33 - MountPoints2\{36e2a99a-8d58-11de-a800-0016d390759e}\Shell - "" = AutoRun
    O33 - MountPoints2\{36e2a99a-8d58-11de-a800-0016d390759e}\Shell\1\Command - "" = Recycle.exe
    O33 - MountPoints2\{36e2a99a-8d58-11de-a800-0016d390759e}\Shell\2\Command - "" = Recycle.exe
    O33 - MountPoints2\{36e2a99a-8d58-11de-a800-0016d390759e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{36e2a99a-8d58-11de-a800-0016d390759e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe
    O33 - MountPoints2\{3dccbca6-ae59-11de-a879-0016d390759e}\Shell - "" = AutoRun
    O33 - MountPoints2\{3dccbca6-ae59-11de-a879-0016d390759e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3dccbca6-ae59-11de-a879-0016d390759e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{3dccbcaa-ae59-11de-a879-0016d390759e}\Shell - "" = AutoRun
    O33 - MountPoints2\{3dccbcaa-ae59-11de-a879-0016d390759e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3dccbcaa-ae59-11de-a879-0016d390759e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{47d90050-fdb3-11df-aac8-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{47d90050-fdb3-11df-aac8-001641830ef2}\Shell\Auto\command - "" = F:\Automatic.sos
    O33 - MountPoints2\{47d90050-fdb3-11df-aac8-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{47d90050-fdb3-11df-aac8-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    O33 - MountPoints2\{74d17555-5119-11e0-ab90-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{74d17555-5119-11e0-ab90-001641830ef2}\Shell\Auto\command - "" = G:\Automatic.sos
    O33 - MountPoints2\{74d17555-5119-11e0-ab90-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{74d17555-5119-11e0-ab90-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    O33 - MountPoints2\{857e65c8-ef98-11df-aa90-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{857e65c8-ef98-11df-aa90-001641830ef2}\Shell\Auto\command - "" = F:\Automatic.sos
    O33 - MountPoints2\{857e65c8-ef98-11df-aa90-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{857e65c8-ef98-11df-aa90-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    O33 - MountPoints2\{9ebe5ae0-0468-11e0-aada-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{9ebe5ae0-0468-11e0-aada-001641830ef2}\Shell\Auto\command - "" = Automatic.sos
    O33 - MountPoints2\{9ebe5ae0-0468-11e0-aada-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9ebe5ae0-0468-11e0-aada-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    O33 - MountPoints2\{a20c26da-f302-11df-aa9a-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{a20c26da-f302-11df-aa9a-001641830ef2}\Shell\Auto\command - "" = F:\
    O33 - MountPoints2\{a20c26da-f302-11df-aa9a-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a20c26da-f302-11df-aa9a-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    O33 - MountPoints2\{b3b5b77f-1893-11e0-ab1a-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{b3b5b77f-1893-11e0-ab1a-001641830ef2}\Shell\Auto\command - "" = F:\Automatic.sos
    O33 - MountPoints2\{b3b5b77f-1893-11e0-ab1a-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b3b5b77f-1893-11e0-ab1a-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    O33 - MountPoints2\{b6144d45-5c14-11e0-aba3-001641830ef2}\Shell\AutoRun\command - "" = forever.exe
    O33 - MountPoints2\{b6144d45-5c14-11e0-aba3-001641830ef2}\Shell\open\command - "" = forever.exe
    O33 - MountPoints2\{d02f9ecb-ee2d-11df-aa89-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{d02f9ecb-ee2d-11df-aa89-001641830ef2}\Shell\Auto\command - "" = G:\Automatic.sos
    O33 - MountPoints2\{d02f9ecb-ee2d-11df-aa89-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d02f9ecb-ee2d-11df-aa89-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    O33 - MountPoints2\{d506ecd8-c45e-11df-aa52-0016d390759e}\Shell - "" = AutoRun
    O33 - MountPoints2\{d506ecd8-c45e-11df-aa52-0016d390759e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d506ecd8-c45e-11df-aa52-0016d390759e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{d9432566-5c39-11e0-aba4-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9432566-5c39-11e0-aba4-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d9432566-5c39-11e0-aba4-001641830ef2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{e335c870-05e4-11e0-aae1-001641830ef2}\Shell - "" = AutoRun
    O33 - MountPoints2\{e335c870-05e4-11e0-aae1-001641830ef2}\Shell\Auto\command - "" = G:\Automatic.sos
    O33 - MountPoints2\{e335c870-05e4-11e0-aae1-001641830ef2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e335c870-05e4-11e0-aae1-001641830ef2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Automatic.sos
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204
    @Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58D2A680
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:435657D8
    @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70372429
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B83BF1A6
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD1485FF
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74B502CB
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:705CCD22
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC2932DB
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0651F96C
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:132EDADA
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8893D792
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E79006EF
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE125DFD
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B49C20
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FC5F43A
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F84BF39
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C9FE0C
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#3
YellowRubberDuck

    Member

  • Topic Starter
  • 109 posts
OTL logfile created on: 8/23/2012 12:47:48 PM - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Haw\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 470.99 Mb Available Physical Memory | 46.45% Memory free
1.63 Gb Paging File | 1.23 Gb Available in Paging File | 75.13% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.01 Gb Total Space | 11.50 Gb Free Space | 38.32% Space Free | Partition Type: NTFS
Drive D: | 44.52 Gb Total Space | 37.84 Gb Free Space | 84.99% Space Free | Partition Type: NTFS

Computer Name: HAN | User Name: Haw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/22 15:54:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Haw\desktop\OTL.exe
PRC - [2012/07/10 16:01:04 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/10 16:01:01 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Haw\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/24 15:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/06/28 22:37:24 | 002,322,501 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/10/05 22:11:34 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/05/12 13:33:22 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/05/12 13:32:14 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2005/03/08 12:42:09 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/04 09:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 16:01:06 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/10 16:01:04 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
MOD - [2012/07/10 16:01:01 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2006/05/12 13:34:36 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/11 10:00:30 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/07/10 16:01:04 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 21:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/21 03:46:00 | 003,641,832 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/10/05 22:11:34 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/06/26 09:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- F:\WIZET\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (Fsfp_atbuwan)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/10/17 16:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 16:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2006/06/28 09:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/06/24 02:07:02 | 000,581,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 13:21:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 13:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 13:17:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 13:16:44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 13:13:46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/08/23 07:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/23 07:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/23 07:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 09:07:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...OuqJsZ4WzHe84xQ
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-13 17:59:24&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2077543
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.18.1
FF - prefs.js..keyword.URL: "http://search.avg.co...e&lng=en-US&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Haw\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 10:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/10 16:01:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/25 13:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/25 13:52:22 | 000,000,000 | ---D | M]

[2010/12/06 23:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haw\Application Data\Mozilla\Extensions
[2011/12/31 14:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haw\Application Data\Mozilla\Firefox\Profiles\m30ydxiz.default\extensions
[2011/05/29 09:37:58 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\Haw\Application Data\Mozilla\Firefox\Profiles\m30ydxiz.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2010/12/06 23:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/20 10:47:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/13 18:00:01 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\9.0.0.18
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\HAW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M30YDXIZ.DEFAULT\EXTENSIONS\[email protected]
[2012/02/03 10:10:14 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2009/07/30 19:28:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/10 16:01:00 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Haw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Haw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

O1 HOSTS File: ([2012/08/23 12:24:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV2.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\prxtbIMV2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Haw\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Haw\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{165C1DF5-05B7-48AA-B378-4261FCFC482E}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Haw/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Haw\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Haw\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 04:24:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/30 18:19:42 | 000,000,093 | R--- | M] () - D:\AutoRun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/23 12:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\RK_Quarantine
[2012/08/23 12:24:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/22 15:54:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Haw\Desktop\OTL.exe
[2012/08/22 14:51:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/22 14:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/17 16:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\Company Profile
[2012/08/08 11:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\PlayGirls band
[2012/08/08 11:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\Euforia band
[2012/08/07 13:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\Minus One singers
[2012/07/25 21:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/07/25 21:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/25 21:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/25 21:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/07/25 19:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/07/25 12:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haw\Desktop\TAO Agus 2012

========== Files - Modified Within 30 Days ==========

[2012/08/23 12:47:18 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/23 12:47:17 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/08/23 12:47:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/23 12:34:41 | 001,558,528 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\RogueKiller.exe
[2012/08/23 12:24:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/23 12:04:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/23 09:34:23 | 104,692,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/08/22 15:54:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Haw\Desktop\OTL.exe
[2012/08/22 14:51:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 11:56:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/15 10:28:04 | 000,579,877 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\2 004.jpg
[2012/08/15 10:26:47 | 000,542,488 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\2 003.jpg
[2012/08/14 18:27:52 | 000,173,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/08/13 12:04:56 | 000,003,140 | --S- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/08/08 11:01:42 | 000,964,165 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\yea meat update.jpg
[2012/08/06 10:07:29 | 000,219,856 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\yeameat.jpg
[2012/08/03 09:48:56 | 000,537,487 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\1.jpg
[2012/07/31 11:54:22 | 000,179,746 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\Graphic1.jpg
[2012/07/31 11:48:27 | 000,612,851 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\taolounge band2.png
[2012/07/31 11:48:27 | 000,466,023 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\taolounge band.png
[2012/07/31 11:38:56 | 000,113,902 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\augtao.jpg
[2012/07/31 11:38:32 | 000,092,620 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\augyea.jpg
[2012/07/25 21:52:15 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/07/25 21:19:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/24 14:30:32 | 000,627,125 | ---- | M] () -- C:\Documents and Settings\Haw\Desktop\YEA agus tent card2ftx5ft.zip

========== Files Created - No Company Name ==========

[2012/08/23 12:34:34 | 001,558,528 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\RogueKiller.exe
[2012/08/22 14:51:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/15 02:27:07 | 000,579,877 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\2 004.jpg
[2012/08/15 02:25:28 | 000,542,488 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\2 003.jpg
[2012/08/08 11:02:32 | 000,964,165 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\yea meat update.jpg
[2012/08/06 10:07:23 | 000,219,856 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\yeameat.jpg
[2012/08/03 01:47:14 | 000,537,487 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\1.jpg
[2012/07/31 11:54:22 | 000,179,746 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\Graphic1.jpg
[2012/07/31 11:48:41 | 000,612,851 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\taolounge band2.png
[2012/07/31 11:48:40 | 000,466,023 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\taolounge band.png
[2012/07/31 11:38:56 | 000,113,902 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\augtao.jpg
[2012/07/31 11:38:32 | 000,092,620 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\augyea.jpg
[2012/07/25 21:52:15 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/07/24 14:31:24 | 000,627,125 | ---- | C] () -- C:\Documents and Settings\Haw\Desktop\YEA agus tent card2ftx5ft.zip
[2011/10/16 20:14:20 | 000,119,942 | ---- | C] () -- C:\Program Files\picclr.bmp
[2011/06/12 20:36:34 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2011/02/19 13:41:16 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\Haw\config.ini
[2010/12/21 21:45:42 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
[2010/12/14 12:42:27 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010/12/06 23:38:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/27 10:39:41 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\Haw\default.pls
[2010/11/16 10:33:37 | 000,140,006 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/11/16 10:33:37 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/11/04 16:13:40 | 000,003,140 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/11/04 16:13:40 | 000,000,088 | R-S- | C] () -- C:\Documents and Settings\All Users\Application Data\89752C1E59.sys
[2010/02/12 17:12:43 | 000,003,532 | ---- | C] () -- C:\Documents and Settings\Haw\vodservercfg.blf.bak
[2008/08/31 22:15:07 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/06/20 14:07:16 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Haw\SCORES.DAT
[2008/06/17 20:02:55 | 000,002,625 | ---- | C] () -- C:\Documents and Settings\Haw\maxipriest.tst
[2008/04/23 06:02:09 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Haw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 05:35:48 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== LOP Check ==========

[2011/03/31 13:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2012/07/10 16:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/09/04 18:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/12 09:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/30 13:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/09/05 20:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2008/08/03 11:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009/08/23 18:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2011/05/17 17:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/04/27 16:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/24 15:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/07/18 20:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/04/07 11:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/08/30 18:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/08/28 20:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2010/11/09 11:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/24 08:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2010/11/27 23:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/31 13:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\ACD Systems
[2011/03/30 13:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\AVG10
[2010/11/22 19:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\BattlePunks
[2008/08/31 22:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Chicken Chase
[2011/03/27 08:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Command & Conquer 3 Kane's Wrath
[2011/10/22 14:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Garena
[2011/10/22 23:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\GarenaPlus
[2011/07/03 10:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\GetRightToGo
[2010/11/03 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\GlarySoft
[2009/04/17 19:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\GOL_byHasbro
[2011/06/24 15:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Image Zone Express
[2010/01/31 02:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\PlayFirst
[2010/11/03 08:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\PPStream
[2012/08/17 14:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\PriceGong
[2010/11/03 08:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\QQ
[2008/05/01 22:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\QQMusicUpdate
[2010/11/03 08:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\QQUpdate
[2012/08/23 09:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Software Informer
[2010/09/06 14:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\TeamViewer
[2009/05/12 21:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Tencent
[2010/12/19 21:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\Unity
[2009/10/23 15:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\UNOUndercover
[2009/08/24 21:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haw\Application Data\YoudaGames
[2012/08/23 12:47:17 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/09/04 18:52:55 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >




RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Haw [Admin rights]
Mode: Scan -- Date: 08/23/2012 12:39:16

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Haw\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Haw\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2080BH +++++
--- User ---
[MBR] 0921744e6486cd791ae818a225bce391
[BSP] b7654973f167151e0eaba2ec223a3c34 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 30725 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 62926605 | Size: 45590 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Haw [Admin rights]
Mode: Remove -- Date: 08/23/2012 12:40:31

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Haw\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Haw\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2080BH +++++
--- User ---
[MBR] 0921744e6486cd791ae818a225bce391
[BSP] b7654973f167151e0eaba2ec223a3c34 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 30725 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 62926605 | Size: 45590 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Haw [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/23/2012 12:43:46

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Haw\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Haw\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 8 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 11 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 243 / Fail 0
My documents: Success 3 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 431 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#4
YellowRubberDuck
  • Topic Starter
Status:
1) When restarting, I skipped Windows checkdisk. All along, checkdisk has run whenever I start my laptop.
2) When running RK, this dialog box appeared:
Explorer.exe - Application error
The instruction at "0x100024b0" ... The memory could not be written... OK to terminate, Cancel to debug.
I chose OK several times.

Edited by YellowRubberDuck, 23 August 2012 - 12:15 AM.

#5
ali.B
    Trusted Helper
hi

Step 1

Update Malwarebytes Anti-Malware and run a Quick Scan.
Post the log it produces.

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

#6
YellowRubberDuck
  • Topic Starter
Hi,

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.11
Haw :: HAN [limited]

8/24/2012 10:51:48 AM
mbam-log-2012-08-24 (10-51-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195844
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\18\536bfdd2-74a354e8 a variant of Java/Exploit.CVE-2011-3544.C trojan deleted - quarantined
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\8\8907cc8-7d4f8ca7 multiple threats deleted - quarantined
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\9\4c3cc689-371ecea3 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
D:\AutoRun.inf INF/Autorun.gen worm cleaned by deleting - quarantined




Status:
1) Windows checkdisk still runs whenever I start/restart my laptop.
2) Windows notification: Windows Firewall & Windows Update are automatically turned off whenever I start/restart my laptop.
3) Web browser lags/freezes/hangs.

#7
ali.B
    Trusted Helper
hi

Run Farbar Service Scanner.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.

#8
YellowRubberDuck
  • Topic Starter
Farbar Service Scanner Version: 06-08-2012
Ran by Haw (administrator) on 25-08-2012 at 14:53:24
Running from "C:\Documents and Settings\Haw\desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 09:07] - [2004-08-04 09:07] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 09:07] - [2004-08-04 09:07] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 09:07] - [2004-08-04 09:07] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 09:07] - [2004-08-04 09:07] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 09:07] - [2004-08-04 09:07] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-04 09:07] - [2004-08-04 09:07] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-04-23 04:19] - [2004-08-04 09:07] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2008-04-23 04:21] - [2004-08-04 09:07] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2008-04-23 04:21] - [2004-08-04 09:07] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 09:07] - [2004-08-04 09:07] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-04-23 04:19] - [2004-08-04 09:07] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2008-04-23 04:22] - [2004-08-04 09:07] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2008-04-23 04:22] - [2004-08-04 09:07] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-04 09:07] - [2004-08-04 09:07] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 09:07] - [2004-08-04 09:07] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-04 09:07] - [2004-08-04 09:07] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 09:07] - [2004-08-04 09:07] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2004-08-04 09:07] - [2004-08-04 09:07] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
Avgtdix(10) fssfltr(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(9) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

#9
ali.B
    Trusted Helper
What are your current problems?

#10
YellowRubberDuck
  • Topic Starter
Hi,

Current problem:
1) Every time I start/restart the laptop, Windows checkdisk runs. Unsure what the problem is. HD or virus problem?

Status:
1) The firewall, windows update auto off doesn't happen anymore. :)
2) Laptop is running quite ok, just some lag when opening applications.
3) Google Chrome still freezes whenever I open tabs or download attachments from email.

#11
ali.B
    Trusted Helper
hi

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

NEXT

Download the attached file

Right-click Fix.reg and select Merge.
Accept the warnings.

Reboot Windows.

Let me know if checkdisk is still running on startup.

Attached Files

  • Attached File  Fix.reg   144bytes   42 downloads

#12
YellowRubberDuck
  • Topic Starter
The checkdisk is still running at startup.

There are other problems as well so I'm taking this laptop for formatting. I guess it's the easiest way to solve all the problems.

Thank you very much for your help! I appreciate it :) Have a great week ahead.

#13
ali.B
    Trusted Helper
ok ;)

#14
ali.B
    Trusted Helper
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.