Browser Redirect and Popup



#1
jv2p

Hi guys, recently, my Google's been redirecting me to eBay, and other sites.

The PC used to be my cousin's, and I have since acquired it, but he said it was clean up until he gave it to me. I have UTorrent, but never use that.
Also, my PC has been running a lot slower recently. Any help?
Here is my OTL log.

I have no idea where it came from, I rarely download anything.


OTL logfile created on: 13/04/2011 10:30:50 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Boyang\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 111.09 Gb Free Space | 75.84% Space Free | Partition Type: NTFS
Drive D: | 86.40 Gb Total Space | 64.70 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
 
Computer Name: ALEX | User Name: Boyang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/04/13 10:30:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Boyang\My Documents\Downloads\OTL.exe
PRC - [2011/03/23 23:51:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/18 21:03:55 | 000,471,040 | ---- | M] (Blizzard Entertainment) -- c:\Program Files\Warcraft III\war3.exe
PRC - [2011/03/13 16:19:40 | 001,160,760 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
PRC - [2011/03/13 16:19:40 | 000,775,224 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
PRC - [2011/01/05 18:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/09/15 00:01:39 | 000,762,880 | ---- | M] () -- D:\Custom Hero Footies Stats PRO.exe
PRC - [2009/12/29 07:17:04 | 000,469,015 | ---- | M] () -- C:\Documents and Settings\Boyang\Desktop\GameCaptureX\launch.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/02 11:32:58 | 000,684,032 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\PDesk\pdesk.exe
PRC - [2002/01/16 15:15:14 | 000,081,920 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\mgabg.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011/04/13 10:30:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Boyang\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2002/01/16 15:15:14 | 000,081,920 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- C:\WINDOWS\system32\mgabg.exe -- (MGABGEXE)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2006/02/27 15:32:14 | 000,350,080 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\g400dhm.sys -- (G400DH)
DRV - [2001/10/30 06:30:00 | 000,071,744 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90XBC)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "eSnips Search"
FF - prefs.js..browser.search.order.1: "eSnips Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..keyword.URL: "http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/05 22:57:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 20:50:04 | 000,000,000 | ---D | M]
 
[2011/03/13 15:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boyang\Application Data\Mozilla\Extensions
[2011/04/12 19:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boyang\Application Data\Mozilla\Firefox\Profiles\klyp8uwh.default\extensions
[2011/04/01 21:00:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Boyang\Application Data\Mozilla\Firefox\Profiles\klyp8uwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/06 23:34:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Boyang\Application Data\Mozilla\Firefox\Profiles\klyp8uwh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/04/12 19:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/01 17:06:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/01 17:06:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/01 17:06:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/03 17:43:40 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/03 17:43:40 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/03 17:43:40 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/26 23:11:13 | 000,002,029 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\esnips.xml
[2011/03/03 17:43:40 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
 
Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Google Pinyin 2 Autoupdater] C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Boyang\My Documents\My Pictures\untitled.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Boyang\My Documents\My Pictures\untitled.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/13 15:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/04/12 20:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/12 14:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/12 14:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/12 13:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\Malwarebytes
[2011/04/12 13:44:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/12 13:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/12 13:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/12 13:44:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/12 13:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/12 03:01:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/11 18:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\My Documents\AIMLogger
[2011/04/10 19:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\My Documents\Scratch Projects
[2011/04/10 19:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Start Menu\Programs\Scratch
[2011/04/10 19:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Scratch
[2011/04/10 15:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Tracing
[2011/04/10 15:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/04/10 15:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/04/10 15:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/04/10 15:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/04/10 15:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/04/10 15:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/04/10 11:09:05 | 018,147,328 | ---- | C] (iH8sn0w) -- C:\Documents and Settings\Boyang\Desktop\sn0wbreeze-2.2.1.exe
[2011/04/10 10:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Local Settings\Application Data\iH8sn0w
[2011/04/07 19:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\Uret
[2011/04/07 19:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\Rofo
[2011/04/05 23:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/04/05 23:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\uTorrent
[2011/04/03 20:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Local Settings\Application Data\Google
[2011/04/03 00:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\.shsh
[2011/04/02 20:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\Apple Computer
[2011/04/02 20:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/02 20:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/02 20:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/02 20:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/02 20:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/04/02 20:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/04/02 20:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/04/02 20:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Local Settings\Application Data\Apple
[2011/04/02 20:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/04/02 20:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/04/02 20:48:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/04/02 20:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/02 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/04/02 20:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Local Settings\Application Data\Apple Computer
[2011/04/02 12:39:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/04/02 00:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2011/04/01 23:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\My Documents\w3chart
[2011/04/01 17:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/04/01 17:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\SystemRequirementsLab
[2011/04/01 17:07:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/04/01 17:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/01 17:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/01 17:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/01 17:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\Sun
[2011/03/31 21:14:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/31 21:09:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/03/31 21:02:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/03/31 21:02:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/03/31 21:02:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/03/31 21:02:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/03/31 20:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/03/31 20:55:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/03/31 20:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\Xfire
[2011/03/31 20:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xfire
[2011/03/31 20:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2011/03/31 18:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\id Software
[2011/03/31 18:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\id Software
[2011/03/31 18:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\id Software
[2011/03/31 07:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/03/30 08:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/03/30 08:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/03/30 08:20:20 | 000,000,000 | ---D | C] -- C:\3af70c2811ab615eff9b46
[2011/03/30 08:13:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Boyang\IETldCache
[2011/03/30 07:23:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/03/30 07:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/03/30 07:20:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/03/30 07:20:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/03/30 03:06:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2011/03/30 03:01:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/03/29 23:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\acccore
[2011/03/29 23:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Local Settings\Application Data\AOL
[2011/03/29 23:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Local Settings\Application Data\AIM
[2011/03/29 23:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2011/03/29 23:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/03/29 23:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/03/29 23:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2011/03/29 23:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2011/03/29 03:00:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/03/29 03:00:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/03/28 21:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/03/28 20:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/03/28 19:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\StealthBot
[2011/03/28 19:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\StealthBot 2.7
[2011/03/28 19:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Start Menu\Programs\StealthBot 2.7
[2011/03/28 19:34:59 | 000,000,000 | ---D | C] -- C:\Warcraft III
[2011/03/27 20:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2011/03/27 20:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011/03/27 16:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/03/27 15:13:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/03/26 23:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\My Documents\My eSnips Downloads
[2011/03/26 23:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\Logia
[2011/03/26 23:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Logia
[2011/03/26 23:07:36 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Boyang\MSWINSCK.OCX
[2011/03/26 14:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Desktop\MC2
[2011/03/20 20:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Application Data\TeamViewer
[2011/03/20 20:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2011/03/20 20:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/03/20 18:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Desktop\GameCaptureX
[2011/03/19 13:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Local Settings\Application Data\Temp
[2011/03/16 19:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/03/14 20:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Local Settings\Application Data\WindowsApplication1
[2011/03/14 19:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/03/14 19:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/03/14 19:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/03/14 19:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/03/14 19:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/03/14 19:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/03/14 19:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/03/14 19:27:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/03/14 19:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boyang\Local Settings\Application Data\Microsoft Help
[2011/03/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/03/14 19:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/03/14 19:26:04 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/03/14 17:41:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/14 11:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/03/14 11:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/04/13 10:18:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/13 10:18:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/13 10:18:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/13 06:28:01 | 000,002,496 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/13 06:21:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/12 13:53:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/12 13:44:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 11:06:37 | 000,379,505 | ---- | M] () -- C:\Documents and Settings\Boyang\My Documents\cimg4354su.jpg
[2011/04/11 07:14:37 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/10 21:53:09 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/10 21:53:09 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/10 11:16:51 | 360,746,546 | ---- | M] () -- C:\Documents and Settings\Boyang\Desktop\sn0wbreeze_iPod Touch 2G-4.2.1.ipsw
[2011/04/08 22:45:42 | 000,148,436 | ---- | M] () -- C:\Documents and Settings\Boyang\My Documents\Picture-5.png
[2011/04/08 22:38:26 | 000,036,780 | ---- | M] () -- C:\Documents and Settings\Boyang\My Documents\funny-pictures-2-486x800.jpg
[2011/04/05 23:22:57 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/04/05 23:22:57 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/04/03 20:50:42 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (3) to Custom Hero Footies Stats PRO.lnk
[2011/04/03 20:50:36 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Warcraft III - The Frozen Throne.lnk
[2011/04/03 20:50:28 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to launch.lnk
[2011/04/03 20:50:08 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (2) to Custom Hero Footies Stats PRO.lnk
[2011/04/03 20:50:04 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Custom Hero Footies Stats PRO.lnk
[2011/04/03 00:57:36 | 000,000,781 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2011/04/03 00:07:56 | 000,000,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/04/02 22:07:02 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\Boyang\Desktop\StealthBot - W3Ban.lnk
[2011/04/02 08:34:21 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Boyang\Desktop\StealthBot Launcher.lnk
[2011/04/01 12:15:28 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/31 21:15:25 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/31 21:14:58 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/30 08:13:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/29 23:58:33 | 000,014,850 | ---- | M] () -- C:\Documents and Settings\Boyang\48826_1140261295_7185267_n.jpg
[2011/03/29 23:16:07 | 000,000,403 | -H-- | M] () -- C:\IPH.PH
[2011/03/29 23:16:05 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/03/29 23:16:05 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/03/27 21:20:35 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Boyang\Application Data\winscp.rnd
[2011/03/27 20:42:50 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Boyang\Desktop\WinSCP.lnk
[2011/03/24 19:27:15 | 000,077,456 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2011/03/21 17:30:38 | 000,113,115 | ---- | M] () -- C:\Documents and Settings\Boyang\Desktop\GameCaptureX.rar
[2011/03/20 20:19:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/04/12 13:44:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 11:06:37 | 000,379,505 | ---- | C] () -- C:\Documents and Settings\Boyang\My Documents\cimg4354su.jpg
[2011/04/10 11:15:44 | 360,746,546 | ---- | C] () -- C:\Documents and Settings\Boyang\Desktop\sn0wbreeze_iPod Touch 2G-4.2.1.ipsw
[2011/04/08 22:44:19 | 000,148,436 | ---- | C] () -- C:\Documents and Settings\Boyang\My Documents\Picture-5.png
[2011/04/08 22:37:48 | 000,036,780 | ---- | C] () -- C:\Documents and Settings\Boyang\My Documents\funny-pictures-2-486x800.jpg
[2011/04/05 23:22:57 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/04/05 23:22:57 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/04/03 20:50:42 | 000,000,443 | ---- | C] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (3) to Custom Hero Footies Stats PRO.lnk
[2011/04/03 20:50:36 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Warcraft III - The Frozen Throne.lnk
[2011/04/03 20:50:28 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to launch.lnk
[2011/04/03 20:50:08 | 000,000,443 | ---- | C] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (2) to Custom Hero Footies Stats PRO.lnk
[2011/04/03 20:50:04 | 000,000,443 | ---- | C] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Custom Hero Footies Stats PRO.lnk
[2011/04/02 20:49:14 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/03/31 21:11:07 | 000,000,332 | ---- | C] () -- C:\logon uninstall.reg
[2011/03/31 21:11:07 | 000,000,306 | ---- | C] () -- C:\logon install.reg
[2011/03/31 07:37:55 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll_38A01
[2011/03/29 23:58:32 | 000,014,850 | ---- | C] () -- C:\Documents and Settings\Boyang\48826_1140261295_7185267_n.jpg
[2011/03/29 23:16:05 | 000,001,590 | ---- | C] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/03/29 23:16:05 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/03/29 23:15:52 | 000,000,403 | -H-- | C] () -- C:\IPH.PH
[2011/03/29 03:16:40 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/03/29 03:16:40 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/03/29 03:16:40 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/03/29 03:16:40 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/03/29 03:16:40 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/03/29 03:16:40 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/03/29 03:16:40 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/03/29 03:16:40 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/03/29 03:16:40 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/03/29 03:16:40 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/03/29 03:16:40 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/03/29 03:16:40 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/03/29 03:16:40 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/03/29 03:16:40 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/03/29 03:16:40 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/03/29 03:16:40 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/03/29 03:16:40 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/03/29 03:16:40 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/03/29 03:16:40 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/03/29 03:16:40 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/03/29 03:16:40 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/03/29 03:16:40 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/03/29 03:16:40 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/03/29 03:16:40 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/03/29 03:16:40 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/03/29 03:16:39 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/03/29 03:16:39 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/03/29 03:16:39 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/03/29 03:16:39 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/03/29 03:16:39 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/03/29 03:16:39 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/03/29 03:16:39 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/03/29 03:16:39 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/03/29 03:16:39 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/03/29 03:16:39 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/03/29 03:16:39 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/03/29 03:16:39 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/03/29 03:16:39 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/03/29 03:16:38 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/03/29 03:16:38 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/03/29 03:16:38 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/03/29 03:16:37 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/03/29 03:16:37 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/03/29 03:16:37 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/03/29 03:16:37 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/03/29 03:16:36 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/03/29 03:16:36 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/03/29 03:16:36 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/03/29 03:16:34 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/03/29 03:16:32 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/03/29 03:16:32 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/03/29 03:16:32 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/03/29 03:16:32 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/03/29 03:16:32 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/03/29 03:16:32 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/03/29 03:16:32 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/03/29 03:16:32 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/03/29 03:16:32 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/03/29 03:16:32 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/03/29 03:16:32 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/03/29 03:16:11 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/03/28 19:41:21 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\Boyang\Desktop\StealthBot - W3Ban.lnk
[2011/03/28 19:40:08 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\Boyang\Desktop\StealthBot Launcher.lnk
[2011/03/27 21:11:44 | 005,900,464 | ---- | C] () -- C:\Documents and Settings\Boyang\Desktop\Sandstorm2
[2011/03/27 20:42:51 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Boyang\Application Data\winscp.rnd
[2011/03/27 20:42:50 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Boyang\Desktop\WinSCP.lnk
[2011/03/21 17:30:38 | 000,113,115 | ---- | C] () -- C:\Documents and Settings\Boyang\Desktop\GameCaptureX.rar
[2011/03/20 20:19:36 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/03/18 21:59:54 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Boyang\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/14 11:13:19 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/14 11:13:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/13 15:49:54 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/03/13 15:43:15 | 000,077,456 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2011/03/13 15:43:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/13 15:34:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/13 15:26:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/13 15:21:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/13 15:14:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/13 15:13:20 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/11 12:33:52 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/03/10 22:18:20 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009/03/10 22:18:14 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2009/03/10 22:18:00 | 000,190,464 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/03/29 23:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/03/31 18:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2011/04/02 20:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/29 23:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boyang\Application Data\acccore
[2011/04/13 06:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boyang\Application Data\ICQ
[2011/03/31 18:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boyang\Application Data\id Software
[2011/03/26 23:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boyang\Application Data\Logia
[2011/04/07 19:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boyang\Application Data\Rofo
[2011/04/09 18:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boyang\Application Data\StealthBot
[2011/04/01 17:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boyang\Application Data\SystemRequirementsLab
[2011/03/20 20:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boyang\Application Data\TeamViewer
[2011/04/12 14:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boyang\Application Data\Uret
[2011/04/10 01:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boyang\Application Data\uTorrent
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >


Here's the Extras.txt log:
OTL Extras logfile created on: 13/04/2011 10:30:50 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Boyang\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 111.09 Gb Free Space | 75.84% Space Free | Partition Type: NTFS
Drive D: | 86.40 Gb Total Space | 64.70 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
 
Computer Name: ALEX | User Name: Boyang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6112:TCP" = 6112:TCP:*:Enabled:Wc
"6113:TCP" = 6113:TCP:*:Enabled:Wc
"6114:TCP" = 6114:TCP:*:Enabled:wc
"6115:TCP" = 6115:TCP:*:Enabled:wc
"6116:TCP" = 6116:TCP:*:Enabled:wc
"6117:TCP" = 6117:TCP:*:Enabled:wc
"6118:TCP" = 6118:TCP:*:Enabled:wc
"6119:TCP" = 6119:TCP:*:Enabled:wc
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.4\ICQ.exe" = C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.4\ICQ.exe" = C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\Frozen Throne.exe" = C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C05DEB30-501D-4106-958D-C5E147D2BF7E}" = StealthBot 2.7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GooglePinyin2" = 谷歌拼音输入法 2.3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Scratch" = Scratch
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"winscp3_is1" = WinSCP 4.1.8
"Xfire" = Xfire (remove only)
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 20/03/2011 06:42:11 | Computer Name = BOYANG-ADDFF937 | Source = Application Error | ID = 1000
Description = Faulting application sfbot 96.exe, version 0.0.0.0, faulting module
 ntdll.dll, version 5.1.2600.2180, fault address 0x000188fa.
 
Error - 21/03/2011 07:02:50 | Computer Name = BOYANG-ADDFF937 | Source = Application Error | ID = 1000
Description = Faulting application sfbot 96.exe, version 0.0.0.0, faulting module
 ntdll.dll, version 5.1.2600.2180, fault address 0x00011e58.
 
Error - 25/03/2011 16:06:19 | Computer Name = BOYANG-ADDFF937 | Source = Application Error | ID = 1000
Description = Faulting application sfbot 96.exe, version 0.0.0.0, faulting module
 ntdll.dll, version 5.1.2600.2180, fault address 0x000188fa.
 
Error - 26/03/2011 02:10:28 | Computer Name = BOYANG-ADDFF937 | Source = Application Error | ID = 1000
Description = Faulting application sfbot 96.exe, version 0.0.0.0, faulting module
 ntdll.dll, version 5.1.2600.2180, fault address 0x000188fa.
 
Error - 26/03/2011 09:40:57 | Computer Name = BOYANG-ADDFF937 | Source = Application Hang | ID = 1002
Description = Hanging application WinSCP.exe, version 4.3.2.1201, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 26/03/2011 09:42:54 | Computer Name = BOYANG-ADDFF937 | Source = Application Hang | ID = 1002
Description = Hanging application WinSCP.exe, version 4.3.2.1201, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 01/04/2011 18:51:35 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 02/04/2011 11:10:42 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
 module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
 
Error - 02/04/2011 20:35:42 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.2.1.1, faulting module
 corefoundation.dll, version 1.550.54.0, fault address 0x0003732b.
 
Error - 10/04/2011 06:06:36 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application sn0wbreeze-2.2.1.exe, version 4.0.0.0, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 30/03/2011 13:19:24 | Computer Name = BOYANG-ADDFF937 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly.  It has done 
this 1 time(s).
 
Error - 30/03/2011 13:19:44 | Computer Name = BOYANG-ADDFF937 | Source = Service Control Manager | ID = 7031
Description = The .NET Runtime Optimization Service v2.0.50727_X86 service terminated
 unexpectedly.  It has done this 1 time(s).  The following corrective action will
 be taken in 60000 milliseconds: Restart the service.
 
 
< End of report >


#2
jv2p

Guys, now I have something called XP Security 2011. Looks like a virus to me, with all the annoying prompts.

Any help?